@civic/auth 0.3.7 → 0.3.8-beta.0

Files changed (199)
  1. package/CHANGELOG.md +3 -0
  2. package/dist/cjs/nextjs/GetUser.d.ts +6 -0
  3. package/dist/cjs/nextjs/GetUser.d.ts.map +1 -0
  4. package/dist/cjs/nextjs/GetUser.js +11 -0
  5. package/dist/cjs/nextjs/GetUser.js.map +1 -0
  6. package/dist/cjs/nextjs/NextAuthenticationRefresherImpl.d.ts +11 -0
  7. package/dist/cjs/nextjs/NextAuthenticationRefresherImpl.d.ts.map +1 -0
  8. package/dist/cjs/nextjs/NextAuthenticationRefresherImpl.js +21 -0
  9. package/dist/cjs/nextjs/NextAuthenticationRefresherImpl.js.map +1 -0
  10. package/dist/cjs/nextjs/NextClientAuthenticationRefresher.d.ts +3 -4
  11. package/dist/cjs/nextjs/NextClientAuthenticationRefresher.d.ts.map +1 -1
  12. package/dist/cjs/nextjs/NextClientAuthenticationRefresher.js +14 -12
  13. package/dist/cjs/nextjs/NextClientAuthenticationRefresher.js.map +1 -1
  14. package/dist/cjs/nextjs/NextServerAuthenticationRefresherImpl.d.ts +2 -1
  15. package/dist/cjs/nextjs/NextServerAuthenticationRefresherImpl.d.ts.map +1 -1
  16. package/dist/cjs/nextjs/NextServerAuthenticationRefresherImpl.js +10 -2
  17. package/dist/cjs/nextjs/NextServerAuthenticationRefresherImpl.js.map +1 -1
  18. package/dist/cjs/nextjs/hooks/useRefresh.d.ts +3 -1
  19. package/dist/cjs/nextjs/hooks/useRefresh.d.ts.map +1 -1
  20. package/dist/cjs/nextjs/hooks/useRefresh.js +10 -2
  21. package/dist/cjs/nextjs/hooks/useRefresh.js.map +1 -1
  22. package/dist/cjs/nextjs/providers/NextAuthProvider.d.ts.map +1 -1
  23. package/dist/cjs/nextjs/providers/NextAuthProvider.js +7 -1
  24. package/dist/cjs/nextjs/providers/NextAuthProvider.js.map +1 -1
  25. package/dist/cjs/nextjs/routeHandler.d.ts.map +1 -1
  26. package/dist/cjs/nextjs/routeHandler.js +18 -11
  27. package/dist/cjs/nextjs/routeHandler.js.map +1 -1
  28. package/dist/cjs/reactjs/components/LoadingSpinner.d.ts +7 -0
  29. package/dist/cjs/reactjs/components/LoadingSpinner.d.ts.map +1 -0
  30. package/dist/cjs/reactjs/components/LoadingSpinner.js +33 -0
  31. package/dist/cjs/reactjs/components/LoadingSpinner.js.map +1 -0
  32. package/dist/cjs/reactjs/hooks/useAuth.d.ts +3 -0
  33. package/dist/cjs/reactjs/hooks/useAuth.d.ts.map +1 -0
  34. package/dist/cjs/reactjs/hooks/useAuth.js +15 -0
  35. package/dist/cjs/reactjs/hooks/useAuth.js.map +1 -0
  36. package/dist/cjs/reactjs/hooks/useSignIn.d.ts +6 -0
  37. package/dist/cjs/reactjs/hooks/useSignIn.d.ts.map +1 -0
  38. package/dist/cjs/reactjs/hooks/useSignIn.js +38 -0
  39. package/dist/cjs/reactjs/hooks/useSignIn.js.map +1 -0
  40. package/dist/cjs/reactjs/providers/AuthProvider.d.ts.map +1 -1
  41. package/dist/cjs/reactjs/providers/AuthProvider.js +8 -0
  42. package/dist/cjs/reactjs/providers/AuthProvider.js.map +1 -1
  43. package/dist/cjs/reactjs/providers/ClientTokenExchangeSessionProvider.d.ts.map +1 -1
  44. package/dist/cjs/reactjs/providers/ClientTokenExchangeSessionProvider.js +0 -1
  45. package/dist/cjs/reactjs/providers/ClientTokenExchangeSessionProvider.js.map +1 -1
  46. package/dist/cjs/server/refresh.d.ts.map +1 -1
  47. package/dist/cjs/server/refresh.js +4 -1
  48. package/dist/cjs/server/refresh.js.map +1 -1
  49. package/dist/cjs/services/AuthenticationService.d.ts.map +1 -1
  50. package/dist/cjs/services/AuthenticationService.js +0 -5
  51. package/dist/cjs/services/AuthenticationService.js.map +1 -1
  52. package/dist/cjs/shared/components/CivicAuthIframe.d.ts.map +1 -1
  53. package/dist/cjs/shared/components/CivicAuthIframe.js +7 -1
  54. package/dist/cjs/shared/components/CivicAuthIframe.js.map +1 -1
  55. package/dist/cjs/shared/hooks/useClientTokenExchangeSession.d.ts +3 -0
  56. package/dist/cjs/shared/hooks/useClientTokenExchangeSession.d.ts.map +1 -0
  57. package/dist/cjs/shared/hooks/useClientTokenExchangeSession.js +16 -0
  58. package/dist/cjs/shared/hooks/useClientTokenExchangeSession.js.map +1 -0
  59. package/dist/cjs/shared/hooks/useRefresh.d.ts +3 -1
  60. package/dist/cjs/shared/hooks/useRefresh.d.ts.map +1 -1
  61. package/dist/cjs/shared/hooks/useRefresh.js +10 -2
  62. package/dist/cjs/shared/hooks/useRefresh.js.map +1 -1
  63. package/dist/cjs/shared/lib/AuthenticationRefresherImpl.d.ts +2 -2
  64. package/dist/cjs/shared/lib/AuthenticationRefresherImpl.d.ts.map +1 -1
  65. package/dist/cjs/shared/lib/AuthenticationRefresherImpl.js +7 -4
  66. package/dist/cjs/shared/lib/AuthenticationRefresherImpl.js.map +1 -1
  67. package/dist/cjs/shared/lib/BrowserAuthenticationRefresher.d.ts +11 -0
  68. package/dist/cjs/shared/lib/BrowserAuthenticationRefresher.d.ts.map +1 -0
  69. package/dist/cjs/shared/lib/BrowserAuthenticationRefresher.js +63 -0
  70. package/dist/cjs/shared/lib/BrowserAuthenticationRefresher.js.map +1 -0
  71. package/dist/cjs/shared/lib/GenericAuthenticationRefresher copy.d.ts +18 -0
  72. package/dist/cjs/shared/lib/GenericAuthenticationRefresher copy.d.ts.map +1 -0
  73. package/dist/cjs/shared/lib/GenericAuthenticationRefresher copy.js +85 -0
  74. package/dist/cjs/shared/lib/GenericAuthenticationRefresher copy.js.map +1 -0
  75. package/dist/cjs/shared/lib/GenericAuthenticationRefresher.d.ts +2 -4
  76. package/dist/cjs/shared/lib/GenericAuthenticationRefresher.d.ts.map +1 -1
  77. package/dist/cjs/shared/lib/GenericAuthenticationRefresher.js +9 -36
  78. package/dist/cjs/shared/lib/GenericAuthenticationRefresher.js.map +1 -1
  79. package/dist/cjs/shared/lib/util.d.ts.map +1 -1
  80. package/dist/cjs/shared/lib/util.js +14 -1
  81. package/dist/cjs/shared/lib/util.js.map +1 -1
  82. package/dist/cjs/shared/providers/AuthProvider.d.ts +22 -0
  83. package/dist/cjs/shared/providers/AuthProvider.d.ts.map +1 -0
  84. package/dist/cjs/shared/providers/AuthProvider.js +108 -0
  85. package/dist/cjs/shared/providers/AuthProvider.js.map +1 -0
  86. package/dist/cjs/shared/providers/CivicAuthProvider.d.ts +6 -0
  87. package/dist/cjs/shared/providers/CivicAuthProvider.d.ts.map +1 -0
  88. package/dist/cjs/shared/providers/CivicAuthProvider.js +38 -0
  89. package/dist/cjs/shared/providers/CivicAuthProvider.js.map +1 -0
  90. package/dist/cjs/shared/providers/ClientTokenExchangeSessionProvider.d.ts +17 -0
  91. package/dist/cjs/shared/providers/ClientTokenExchangeSessionProvider.d.ts.map +1 -0
  92. package/dist/cjs/shared/providers/ClientTokenExchangeSessionProvider.js +168 -0
  93. package/dist/cjs/shared/providers/ClientTokenExchangeSessionProvider.js.map +1 -0
  94. package/dist/esm/nextjs/GetUser.d.ts +6 -0
  95. package/dist/esm/nextjs/GetUser.d.ts.map +1 -0
  96. package/dist/esm/nextjs/GetUser.js +7 -0
  97. package/dist/esm/nextjs/GetUser.js.map +1 -0
  98. package/dist/esm/nextjs/NextClientAuthenticationRefresher.d.ts +3 -4
  99. package/dist/esm/nextjs/NextClientAuthenticationRefresher.d.ts.map +1 -1
  100. package/dist/esm/nextjs/NextClientAuthenticationRefresher.js +14 -12
  101. package/dist/esm/nextjs/NextClientAuthenticationRefresher.js.map +1 -1
  102. package/dist/esm/nextjs/NextServerAuthenticationRefresherImpl.d.ts +2 -1
  103. package/dist/esm/nextjs/NextServerAuthenticationRefresherImpl.d.ts.map +1 -1
  104. package/dist/esm/nextjs/NextServerAuthenticationRefresherImpl.js +10 -2
  105. package/dist/esm/nextjs/NextServerAuthenticationRefresherImpl.js.map +1 -1
  106. package/dist/esm/nextjs/hooks/useRefresh.d.ts +3 -1
  107. package/dist/esm/nextjs/hooks/useRefresh.d.ts.map +1 -1
  108. package/dist/esm/nextjs/hooks/useRefresh.js +10 -2
  109. package/dist/esm/nextjs/hooks/useRefresh.js.map +1 -1
  110. package/dist/esm/nextjs/providers/NextAuthProvider.d.ts.map +1 -1
  111. package/dist/esm/nextjs/providers/NextAuthProvider.js +7 -1
  112. package/dist/esm/nextjs/providers/NextAuthProvider.js.map +1 -1
  113. package/dist/esm/nextjs/routeHandler.d.ts.map +1 -1
  114. package/dist/esm/nextjs/routeHandler.js +18 -11
  115. package/dist/esm/nextjs/routeHandler.js.map +1 -1
  116. package/dist/esm/reactjs/hooks/useAuth.d.ts +3 -0
  117. package/dist/esm/reactjs/hooks/useAuth.d.ts.map +1 -0
  118. package/dist/esm/reactjs/hooks/useAuth.js +12 -0
  119. package/dist/esm/reactjs/hooks/useAuth.js.map +1 -0
  120. package/dist/esm/reactjs/hooks/useSignIn.d.ts +6 -0
  121. package/dist/esm/reactjs/hooks/useSignIn.d.ts.map +1 -0
  122. package/dist/esm/reactjs/hooks/useSignIn.js +34 -0
  123. package/dist/esm/reactjs/hooks/useSignIn.js.map +1 -0
  124. package/dist/esm/reactjs/providers/AuthProvider.d.ts.map +1 -1
  125. package/dist/esm/reactjs/providers/AuthProvider.js +8 -0
  126. package/dist/esm/reactjs/providers/AuthProvider.js.map +1 -1
  127. package/dist/esm/reactjs/providers/ClientTokenExchangeSessionProvider.d.ts.map +1 -1
  128. package/dist/esm/reactjs/providers/ClientTokenExchangeSessionProvider.js +1 -2
  129. package/dist/esm/reactjs/providers/ClientTokenExchangeSessionProvider.js.map +1 -1
  130. package/dist/esm/server/refresh.d.ts.map +1 -1
  131. package/dist/esm/server/refresh.js +4 -1
  132. package/dist/esm/server/refresh.js.map +1 -1
  133. package/dist/esm/services/AuthenticationService.d.ts.map +1 -1
  134. package/dist/esm/services/AuthenticationService.js +0 -5
  135. package/dist/esm/services/AuthenticationService.js.map +1 -1
  136. package/dist/esm/shared/components/CivicAuthIframe.d.ts.map +1 -1
  137. package/dist/esm/shared/components/CivicAuthIframe.js +8 -2
  138. package/dist/esm/shared/components/CivicAuthIframe.js.map +1 -1
  139. package/dist/esm/shared/hooks/useClientTokenExchangeSession.d.ts +3 -0
  140. package/dist/esm/shared/hooks/useClientTokenExchangeSession.d.ts.map +1 -0
  141. package/dist/esm/shared/hooks/useClientTokenExchangeSession.js +13 -0
  142. package/dist/esm/shared/hooks/useClientTokenExchangeSession.js.map +1 -0
  143. package/dist/esm/shared/hooks/useRefresh.d.ts +3 -1
  144. package/dist/esm/shared/hooks/useRefresh.d.ts.map +1 -1
  145. package/dist/esm/shared/hooks/useRefresh.js +10 -2
  146. package/dist/esm/shared/hooks/useRefresh.js.map +1 -1
  147. package/dist/esm/shared/lib/AuthenticationRefresherImpl.d.ts +2 -2
  148. package/dist/esm/shared/lib/AuthenticationRefresherImpl.d.ts.map +1 -1
  149. package/dist/esm/shared/lib/AuthenticationRefresherImpl.js +7 -4
  150. package/dist/esm/shared/lib/AuthenticationRefresherImpl.js.map +1 -1
  151. package/dist/esm/shared/lib/BrowserAuthenticationRefresher.d.ts +11 -0
  152. package/dist/esm/shared/lib/BrowserAuthenticationRefresher.d.ts.map +1 -0
  153. package/dist/esm/shared/lib/BrowserAuthenticationRefresher.js +59 -0
  154. package/dist/esm/shared/lib/BrowserAuthenticationRefresher.js.map +1 -0
  155. package/dist/esm/shared/lib/GenericAuthenticationRefresher.d.ts +2 -4
  156. package/dist/esm/shared/lib/GenericAuthenticationRefresher.d.ts.map +1 -1
  157. package/dist/esm/shared/lib/GenericAuthenticationRefresher.js +11 -38
  158. package/dist/esm/shared/lib/GenericAuthenticationRefresher.js.map +1 -1
  159. package/dist/esm/shared/lib/util.d.ts.map +1 -1
  160. package/dist/esm/shared/lib/util.js +14 -1
  161. package/dist/esm/shared/lib/util.js.map +1 -1
  162. package/dist/esm/shared/providers/AuthProvider.d.ts +22 -0
  163. package/dist/esm/shared/providers/AuthProvider.d.ts.map +1 -0
  164. package/dist/esm/shared/providers/AuthProvider.js +72 -0
  165. package/dist/esm/shared/providers/AuthProvider.js.map +1 -0
  166. package/dist/esm/shared/providers/CivicAuthProvider.d.ts +6 -0
  167. package/dist/esm/shared/providers/CivicAuthProvider.d.ts.map +1 -0
  168. package/dist/esm/shared/providers/CivicAuthProvider.js +32 -0
  169. package/dist/esm/shared/providers/CivicAuthProvider.js.map +1 -0
  170. package/dist/esm/shared/providers/ClientTokenExchangeSessionProvider.d.ts +17 -0
  171. package/dist/esm/shared/providers/ClientTokenExchangeSessionProvider.d.ts.map +1 -0
  172. package/dist/esm/shared/providers/ClientTokenExchangeSessionProvider.js +131 -0
  173. package/dist/esm/shared/providers/ClientTokenExchangeSessionProvider.js.map +1 -0
  174. package/dist/nextjs/providers/NextAuthProvider.d.ts.map +1 -1
  175. package/dist/nextjs/providers/NextAuthProvider.js +9 -4
  176. package/dist/nextjs/providers/NextAuthProvider.js.map +1 -1
  177. package/dist/reactjs/providers/AuthProvider.d.ts.map +1 -1
  178. package/dist/reactjs/providers/AuthProvider.js +3 -1
  179. package/dist/reactjs/providers/AuthProvider.js.map +1 -1
  180. package/dist/shared/components/CivicAuthIframeContainer.d.ts.map +1 -1
  181. package/dist/shared/components/CivicAuthIframeContainer.js +4 -1
  182. package/dist/shared/components/CivicAuthIframeContainer.js.map +1 -1
  183. package/dist/shared/hooks/useSignIn.js +3 -3
  184. package/dist/shared/hooks/useSignIn.js.map +1 -1
  185. package/dist/shared/lib/iframeUtils.d.ts +1 -1
  186. package/dist/shared/lib/iframeUtils.d.ts.map +1 -1
  187. package/dist/shared/lib/iframeUtils.js +2 -2
  188. package/dist/shared/lib/iframeUtils.js.map +1 -1
  189. package/dist/shared/providers/IframeProvider.d.ts +3 -0
  190. package/dist/shared/providers/IframeProvider.d.ts.map +1 -1
  191. package/dist/shared/providers/IframeProvider.js +5 -0
  192. package/dist/shared/providers/IframeProvider.js.map +1 -1
  193. package/dist/shared/version.d.ts +1 -1
  194. package/dist/shared/version.d.ts.map +1 -1
  195. package/dist/shared/version.js +1 -1
  196. package/dist/shared/version.js.map +1 -1
  197. package/dist/tsconfig.cjs.tsbuildinfo +1 -1
  198. package/dist/tsconfig.esm.tsbuildinfo +1 -1
  199. package/package.json +1 -1
@@ -1 +1 @@
1
- {"version":3,"file":"AuthenticationService.js","sourceRoot":"","sources":["../../../src/services/AuthenticationService.ts"],"names":[],"mappings":"AAAA,8EAA8E;AAW9E,OAAO,EACL,+BAA+B,EAC/B,8BAA8B,GAC/B,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EACL,WAAW,EACX,SAAS,EACT,cAAc,EACd,qBAAqB,EACrB,sBAAsB,EACtB,yBAAyB,EACzB,cAAc,EACd,WAAW,EACX,oBAAoB,GACrB,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EAAE,oBAAoB,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AACrE,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AAM3D,OAAO,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AACjD,OAAO,EAAE,yBAAyB,EAAE,MAAM,qBAAqB,CAAC;AAChE,OAAO,EAAE,wBAAwB,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AACxE,OAAO,EAAE,2BAA2B,EAAE,MAAM,sBAAsB,CAAC;AACnE,OAAO,EAAE,OAAO,EAAE,MAAM,yBAAyB,CAAC;AAClD,OAAO,EAAE,kBAAkB,EAAE,MAAM,6BAA6B,CAAC;AACjE,OAAO,EAAE,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAyB3D,MAAM,uBAAuB,GAAG,CAAC,KAA4B,EAAE,EAAE;IAC/D,YAAY,CAAC,OAAO,CAAC,gBAAgB,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC;AAChE,CAAC,CAAC;AACF;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,MAAM,OAAO,8BAA8B;IAqB9B;IApBH,kBAAkB,GAA2C,IAAI,CAAC;IAEhE,MAAM,CAAuC;IAEhD,cAAc,CAAC,WAAwB;QAC5C,IAAI,CAAC,MAAM,CAAC,WAAW,GAAG,WAAW,CAAC;IACxC,CAAC;IAED,IAAI,WAAW;QACb,OAAO,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC;IACjC,CAAC;IAED,IAAI,qBAAqB;QACvB,OAAO,IAAI,CAAC,MAAM,CAAC,YAAY,YAAY,8BAA8B,CAAC;IAC5E,CAAC;IACD,IAAI,KAAK;QACP,OAAO,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,IAAI,CAAC,qBAAqB,CAAC,CAAC;IAC5E,CAAC;IACD,YACE,MAA0B,EACjB,mBAAmB,uBAAuB;QAA1C,qBAAgB,GAAhB,gBAAgB,CAA0B;QAEnD,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QAErB,IAAI,CAAC,kBAAkB,GAAG,CAAC,KAAmB,EAAE,EAAE;YAChD,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;YAC9C,IACE,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAC;gBAClC,OAAO,CAAC,QAAQ,KAAK,WAAW,EAChC,CAAC;gBACD,IAAI,CAAC,2BAA2B,CAAC,KAAK,CAAC,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC;oBACnE,OAAO;gBACT,CAAC;gBACD,MAAM,YAAY,GAAG,KAAK,CAAC,IAAwB,CAAC;gBACpD,IAAI,YAAY,CAAC,IAAI,KAAK,qBAAqB,EAAE,CAAC;oBAChD,IAAI,CAAC,yBAAyB,CAC3B,YAAY,CAAC,IAAwB,CAAC,GAAG,CAC3C,CAAC;oBACF,OAAO;gBACT,CAAC;gBA
CD,IAAI,YAAY,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;oBACnC,iCAAiC;oBACjC,IAAI,CAAC,0BAA0B,CAC7B,YAAY,CAAC,IAA6B,CAC3C,CAAC;oBACF,OAAO;gBACT,CAAC;YACH,CAAC;QACH,CAAC,CAAC;QAEF,MAAM,CAAC,gBAAgB,CAAC,SAAS,EAAE,IAAI,CAAC,kBAAkB,CAAC,CAAC;IAC9D,CAAC;IAED,KAAK,CAAC,yBAAyB,CAAC,WAAmB;QACjD,OAAO,CAAC,IAAI,CACV,qEAAqE,EACrE,WAAW,CACZ,CAAC;QACF,MAAM,CAAC,QAAQ,CAAC,IAAI,GAAG,WAAW,CAAC;IACrC,CAAC;IAED,KAAK,CAAC,0BAA0B,CAAC,OAA8B;QAC7D,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;IACjC,CAAC;IAED,uGAAuG;IACvG,qEAAqE;IACrE,KAAK,CAAC,MAAM,CAAC,SAAmC;QAC9C,MAAM,GAAG,GAAG,MAAM,qBAAqB,CAAC;YACtC,GAAG,IAAI,CAAC,MAAM;YACd,KAAK,EAAE,IAAI,CAAC,KAAK;SAClB,CAAC,CAAC;QAEH,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,KAAK,QAAQ,EAAE,CAAC;YACzC,MAAM,GAAG,GAAG,YAAY,CAAC,SAAS,CAAC,CAAC;YACpC,GAAG,CAAC,YAAY,CAAC,KAAK,EAAE,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC;QAC1C,CAAC;QAED,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,KAAK,UAAU,EAAE,CAAC;YAC3C,MAAM,CAAC,QAAQ,CAAC,IAAI,GAAG,GAAG,CAAC,QAAQ,EAAE,CAAC;QACxC,CAAC;QAED,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,KAAK,SAAS,EAAE,CAAC;YAC1C,IAAI,CAAC;gBACH,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,EAAE,QAAQ,CAAC,CAAC;gBAC1D,IAAI,CAAC,WAAW,EAAE,CAAC;oBACjB,MAAM,IAAI,UAAU,CAAC,6BAA6B,CAAC,CAAC;gBACtD,CAAC;gBACD,uEAAuE;YACzE,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,OAAO,CAAC,KAAK,CAAC,aAAa,EAAE,KAAK,CAAC,CAAC;gBACpC,MAAM,IAAI,UAAU,CAClB,qDAAqD,CACtD,CAAC;YACJ,CAAC;QACH,CAAC;QAED,OAAO,GAAG,CAAC;IACb,CAAC;IAES,qBAAqB,CAC7B,MAAyB,EACzB,WAAmB;QAEnB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,IAAI,QAAQ,GAA+B,SAAS,CAAC;YACrD,IAAI,OAAO,GAA+B,SAAS,CAAC;YAEpD,MAAM,cAAc,GAAG,CAAC,KAAmB,EAAE,EAAE;gBAC7C,IAAI,KAAK,CAAC,MAAM,KAAK,MAAM,CAAC,aAAa,EAAE,CAAC;oBAC1C,6DAA6D;oBAC7D,OAAO;gBACT,CAAC;gBAED,MAAM,OAAO,GAAG,KAAK,CAAC,IAAyB,CAAC;gBAEhD,IACE,OAAO,CAAC,MAAM,KAAK,eAAe;oBAClC,CAAC,OAAO,CAAC,IAAI,KAAK,YAAY;wBAC5B,OAAO,CAAC,IAAI,KAAK,sBAAsB,CAAC,EAC1C,CAAC;oBACD,aAAa,CAAC,QAAQ,CAAC,CAAC;oBACxB,YAAY,CAAC,OAAO,CAAC,CAAC;oBACtB,MAAM,CAAC,mBAAmB,CAAC,SAAS,EAAE,cAAc,CAAC,CAAC;oBACtD,MAAM,CAAC,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC
,KAAK,IAAI,uBAAuB,CAAC,CAAC,CAAC;oBACjE,OAAO;gBACT,CAAC;YACH,CAAC,CAAC;YAEF,MAAM,CAAC,gBAAgB,CAAC,SAAS,EAAE,cAAc,CAAC,CAAC;YAEnD,qDAAqD;YACrD,MAAM,WAAW,GAAG,GAAG,EAAE;gBACvB,IAAI,CAAC;oBACH,MAAM,UAAU,GAAG,MAAM,CAAC,aAAa,EAAE,QAAQ,CAAC,IAAI,CAAC;oBACvD,IAAI,UAAU,EAAE,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;wBACtC,aAAa,CAAC,QAAQ,CAAC,CAAC;wBACxB,MAAM,CAAC,mBAAmB,CAAC,SAAS,EAAE,cAAc,CAAC,CAAC;wBACtD,OAAO,EAAE,CAAC;oBACZ,CAAC;gBACH,CAAC;gBAAC,MAAM,CAAC;oBACP,6BAA6B;gBAC/B,CAAC;YACH,CAAC,CAAC;YAEF,QAAQ,GAAG,WAAW,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC;YAEzC,2BAA2B;YAC3B,OAAO,GAAG,UAAU,CAAC,GAAG,EAAE;gBACxB,aAAa,CAAC,QAAQ,CAAC,CAAC;gBACxB,MAAM,CAAC,mBAAmB,CAAC,SAAS,EAAE,cAAc,CAAC,CAAC;gBACtD,MAAM,CAAC,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC,CAAC;YAC7D,CAAC,EAAE,KAAK,CAAC,CAAC;QACZ,CAAC,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,OAAO,CACX,OAA2B,EAC3B,SAAmC;QAEnC,IAAI,GAAG,CAAC;QAER,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC;QACzB,IAAI,IAAI,CAAC,qBAAqB,EAAE,CAAC;YAC/B,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC;gBAC3B,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;YACrE,CAAC;YACD,GAAG,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;YAC7D,GAAG,CAAC,YAAY,CAAC,MAAM,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QAC1C,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAC;YACvE,CAAC;YACD,GAAG,GAAG,MAAM,sBAAsB,CAAC;gBACjC,GAAG,IAAI,CAAC,MAAM;gBACd,OAAO;gBACP,KAAK;gBACL,WAAW,EAAE,IAAI,CAAC,MAAM,CAAC,iBAAiB;aAC3C,CAAC,CAAC;QACL,CAAC;QAED,2CAA2C;QAC3C,MAAM,YAAY,GAAG,IAAI,mBAAmB,EAAE,CAAC;QAC/C,MAAM,WAAW,CAAC,YAAY,CAAC,CAAC;QAChC,MAAM,SAAS,CAAC,YAAY,CAAC,CAAC;QAC9B,mBAAmB,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAE5C,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,KAAK,QAAQ,EAAE,CAAC;YACzC,MAAM,GAAG,GAAG,YAAY,CAAC,SAAS,CAAC,CAAC;YACpC,GAAG,CAAC,YAAY,CAAC,KAAK,EAAE,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC;YAExC,IAAI,CAAC;gBACH,MAAM,IAAI,CAAC,qBAAqB,CAAC,GAAG,EAAE,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC;YACvE,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,OAAO,CAAC,GAAG,CAAC,oBAAoB,EAAE,KAAK,CAAC,CAAC;gBACzC,yDAAyD;gBACzD,mEAA
mE;gBACnE,+BAA+B;gBAC/B,IAAI,IAAI,CAAC,qBAAqB,EAAE,CAAC;oBAC/B,GAAG,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,iBAAiB,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;oBACrE,GAAG,CAAC,YAAY,CAAC,MAAM,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;oBACxC,GAAG,CAAC,YAAY,CAAC,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;oBAC1D,GAAG,CAAC,YAAY,CAAC,KAAK,EAAE,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC;gBAC1C,CAAC;YACH,CAAC;QACH,CAAC;QAED,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,KAAK,UAAU,EAAE,CAAC;YAC3C,MAAM,YAAY,GAAG,IAAI,mBAAmB,EAAE,CAAC;YAC/C,YAAY,CAAC,GAAG,CAAC,YAAY,EAAE,KAAK,CAAC,CAAC;YACtC,MAAM,CAAC,QAAQ,CAAC,IAAI,GAAG,GAAG,CAAC,QAAQ,EAAE,CAAC;QACxC,CAAC;QAED,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,KAAK,SAAS,EAAE,CAAC;YAC1C,IAAI,CAAC;gBACH,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,EAAE,QAAQ,CAAC,CAAC;gBAC1D,IAAI,CAAC,WAAW,EAAE,CAAC;oBACjB,MAAM,IAAI,UAAU,CAAC,6BAA6B,CAAC,CAAC;gBACtD,CAAC;YACH,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,OAAO,CAAC,KAAK,CAAC,aAAa,EAAE,KAAK,CAAC,CAAC;gBACpC,MAAM,IAAI,UAAU,CAClB,qDAAqD,CACtD,CAAC;YACJ,CAAC;QACH,CAAC;QAED,OAAO,GAAG,CAAC;IACb,CAAC;IAED,OAAO;QACL,IAAI,IAAI,CAAC,kBAAkB,EAAE,CAAC;YAC5B,MAAM,CAAC,mBAAmB,CAAC,SAAS,EAAE,IAAI,CAAC,kBAAkB,CAAC,CAAC;QACjE,CAAC;IACH,CAAC;CACF;AAED;;;GAGG;AACH,MAAM,OAAO,8BAA8B;IAC/B,MAAM,CAAuC;IAEvD,YAAY,MAA0B;QACpC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED,uGAAuG;IACvG,4BAA4B;IAC5B,KAAK,CAAC,MAAM;QACV,OAAO,qBAAqB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAC5C,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,OAAe;QAC3B,OAAO,sBAAsB,CAAC;YAC5B,GAAG,IAAI,CAAC,MAAM;YACd,OAAO;SACR,CAAC,CAAC;IACL,CAAC;CACF;AAaD;;;GAGG;AACH,MAAM,OAAO,4BAA6B,SAAQ,8BAA8B;IAQlE;IAPJ,YAAY,CAA2B;IACvC,SAAS,CAAwB;IAEzC,0EAA0E;IAC1E,YACE,MAAmC;IACnC,6FAA6F;IACnF,eAAe,IAAI,+BAA+B,EAAE;QAE9D,KAAK,CAAC;YACJ,GAAG,MAAM;YACT,yDAAyD;YACzD,YAAY,EAAE,YAAY;SAC3B,CAAC,CAAC;QANO,iBAAY,GAAZ,YAAY,CAAwC;IAOhE,CAAC;IAED,kFAAkF;IAClF,oGAAoG;IACpG,kDAAkD;IAClD,KAAK,CAAC,IAAI;QACR,uBAAuB;QACvB,IAAI,CAAC,SAAS,GAAG,MAAM,yBAAyB,CAC9C,IAAI,CAAC,MAAM,CAAC,WAAW,EACvB,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAC9B,CAAC;QACF,IAAI,CAAC,YAAY,GAAG,
IAAI,YAAY,CAClC,IAAI,CAAC,MAAM,CAAC,QAAQ,EACpB,IAAI,CAAC,SAAS,CAAC,IAAI,EACnB,IAAI,CAAC,SAAS,CAAC,KAAK,EACpB;YACE,WAAW,EAAE,IAAI,CAAC,MAAM,CAAC,WAAW;SACrC,CACF,CAAC;QAEF,OAAO,IAAI,CAAC;IACd,CAAC;IAED,wBAAwB;IACxB,uEAAuE;IACvE,uCAAuC;IACvC,KAAK,CAAC,aAAa,CACjB,IAAY,EACZ,KAAa;QAEb,IAAI,CAAC,IAAI,CAAC,YAAY;YAAE,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;QAC1C,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,eAAe,EAAE,CAAC;QAC/D,IAAI,CAAC,YAAY;YAAE,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;QAEzE,gCAAgC;QAChC,MAAM,MAAM,GAAG,MAAM,cAAc,CACjC,IAAI,EACJ,KAAK,EACL,IAAI,CAAC,YAAY,EACjB,IAAI,CAAC,YAAa,EAAE,8CAA8C;QAClE,IAAI,CAAC,MAAM,CAAC,WAAW,EACvB,IAAI,CAAC,SAAU,CAChB,CAAC;QACF,MAAM,aAAa,GAAG,IAAI,mBAAmB,EAAE,CAAC;QAChD,MAAM,WAAW,CAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QACzC,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,aAAa,CAAC,CAAC;QAC1C,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;QAC7C,CAAC;QACD,MAAM,WAAW,GAAG,IAAI,kBAAkB,CAAC,aAAa,CAAC,CAAC;QAC1D,MAAM,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAC5B,mBAAmB,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC3C,uCAAuC;QACvC,MAAM,iBAAiB,GAAG,oBAAoB,CAC5C,KAAK,EACL,IAAI,CAAC,MAAM,CAAC,WAAW,CACxB,CAAC;QAEF,IAAI,iBAAiB,KAAK,SAAS,EAAE,CAAC;YACpC,yBAAyB;YACzB,MAAM,CAAC,gBAAgB,CAAC,cAAc,EAAE,GAAG,EAAE;gBAC3C,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;YAC1B,CAAC,CAAC,CAAC;YACH,MAAM,CAAC,KAAK,EAAE,CAAC;QACjB,CAAC;QACD,8GAA8G;QAC9G,yBAAyB,CAAC,wBAAwB,CAAC,CAAC;QACpD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,0CAA0C;IAC1C,KAAK,CAAC,cAAc;QAClB,MAAM,WAAW,GAAG,MAAM,cAAc,CAAC,IAAI,mBAAmB,EAAE,CAAC,CAAC;QAEpE,IAAI,CAAC,WAAW;YAAE,OAAO,IAAI,CAAC;QAE9B,OAAO;YACL,aAAa,EAAE,CAAC,CAAC,WAAW,CAAC,QAAQ;YACrC,OAAO,EAAE,WAAW,CAAC,QAAQ;YAC7B,WAAW,EAAE,WAAW,CAAC,YAAY;YACrC,YAAY,EAAE,WAAW,CAAC,aAAa;YACvC,oBAAoB,EAAE,WAAW,CAAC,uBAAuB;SAC1D,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,uBAAuB;QAC3B,IAAI,CAAC;YACH,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;YAChD,IAAI,CAAC,WAAW,EAAE,OAAO,IAAI,CAAC,WAAW,CAAC,WAAW,EAAE,CAAC;gBACtD,MAAM,sBAAsB,GAAG,EAAE,GAAG,WAAW,EAAE,aAAa,EAAE,KAAK,EAAE,CAAC;gBACxE,gDAAgD;gBAChD,OAAO,sBAAsB,CAAC;YAChC,C
AAC;YACD,IAAI,CAAC,IAAI,CAAC,SAAS,IAAI,CAAC,IAAI,CAAC,YAAY;gBAAE,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;YAE7D,4DAA4D;YAC5D,MAAM,oBAAoB,CACxB;gBACE,YAAY,EAAE,WAAW,CAAC,WAAW;gBACrC,QAAQ,EAAE,WAAW,CAAC,OAAO;gBAC7B,aAAa,EAAE,WAAW,CAAC,YAAY;gBACvC,uBAAuB,EAAE,WAAW,CAAC,oBAAoB;aAC1D,EACD,IAAI,CAAC,SAAU,EACf,IAAI,CAAC,YAAa,EAClB,IAAI,CAAC,MAAM,CAAC,WAAW,CACxB,CAAC;YACF,OAAO,WAAW,CAAC;QACrB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,IAAI,CAAC,oCAAoC,EAAE,KAAK,CAAC,CAAC;YAC1D,MAAM,sBAAsB,GAAG;gBAC7B,aAAa,EAAE,KAAK;aACrB,CAAC;YACF,MAAM,WAAW,CAAC,IAAI,mBAAmB,EAAE,CAAC,CAAC;YAC7C,OAAO,sBAAsB,CAAC;QAChC,CAAC;IACH,CAAC;IAED,KAAK,CAAC,qBAAqB;QACzB,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;YACpB,OAAO,IAAI,CAAC;QACd,CAAC;QACD,OAAO,IAAI,CAAC,SAAS,EAAE,UAAU,CAAC;IACpC,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,KAAK,CAChB,MAAmC;QAEnC,MAAM,QAAQ,GAAG,IAAI,4BAA4B,CAAC,MAAM,CAAC,CAAC;QAC1D,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QAEtB,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF","sourcesContent":["// Proposals for revised versions of the SessionService AKA AuthSessionService\n\nimport type {\n DisplayMode,\n Endpoints,\n IframeAuthMessage,\n LoginAppDesignOptions,\n LoginPostMessage,\n OIDCTokenResponseBody,\n SessionData,\n} from \"@/types.js\";\nimport {\n BrowserPublicClientPKCEProducer,\n ConfidentialClientPKCEConsumer,\n} from \"@/services/PKCE.js\";\nimport {\n clearTokens,\n clearUser,\n exchangeTokens,\n generateOauthLoginUrl,\n generateOauthLogoutUrl,\n getEndpointsWithOverrides,\n retrieveTokens,\n storeTokens,\n validateOauth2Tokens,\n} from \"@/shared/lib/util.js\";\nimport { displayModeFromState, generateState } from \"@/lib/oauth.js\";\nimport { OAuth2Client } from \"oslo/oauth2\";\nimport { LocalStorageAdapter } from \"@/browser/storage.js\";\nimport type {\n AuthenticationInitiator,\n AuthenticationResolver,\n PKCEConsumer,\n} from \"@/services/types.js\";\nimport { PopupError } from \"@/services/types.js\";\nimport { removeParamsWithoutReload } from \"@/lib/windowUtil.js\";\nimport { DEFAULT_OAUTH_GET_PARAMS, 
LOGOUT_STATE } from \"@/constants.js\";\nimport { validateLoginAppPostMessage } from \"@/lib/postMessage.js\";\nimport { getUser } from \"@/shared/lib/session.js\";\nimport { GenericUserSession } from \"@/shared/lib/UserSession.js\";\nimport { getIframeRef } from \"@/shared/lib/iframeUtils.js\";\n\nexport type GenericAuthenticationInitiatorConfig = {\n clientId: string;\n redirectUrl: string;\n state: string;\n scopes: string[];\n oauthServer: string;\n nonce?: string;\n // the endpoints to use for the login (if not obtained from the auth server)\n endpointOverrides?: Partial<Endpoints>;\n // used to get the PKCE challenge\n pkceConsumer: PKCEConsumer;\n};\n\nexport type BrowserAuthenticationInitiatorConfig = Omit<\n GenericAuthenticationInitiatorConfig,\n \"state\"\n> & {\n logoutUrl?: string;\n logoutRedirectUrl: string;\n // determines whether to trigger the login/logout in an iframe, a new browser window, or redirect the current one.\n displayMode: DisplayMode;\n};\n\nconst defaultSetDesignOptions = (value: LoginAppDesignOptions) => {\n localStorage.setItem(\"loginAppDesign\", JSON.stringify(value));\n};\n/**\n * An authentication initiator that works on a browser. Since this is just triggering\n * login and logout, session data is not stored here.\n * An associated AuthenticationResolver would be needed to get the session data.\n * Storage is needed for the code verifier, this is the domain of the PKCEConsumer\n * The storage used by the PKCEConsumer should be available to the AuthenticationResolver.\n *\n * Example usage:\n *\n * 1) Client-only SPA -eg a react app with no server:\n * new BrowserAuthenticationInitiator({\n * pkceConsumer: new BrowserPublicClientPKCEProducer(), // generate and retrieve the challenge client-side\n * ... 
other config\n * })\n *\n * 2) Client-side of a client/server app - eg a react app with a backend:\n * new BrowserAuthenticationInitiator({\n * pkceConsumer: new ConfidentialClientPKCEConsumer(\"https://myserver.com/pkce\"), // get the challenge from the server\n * ... other config\n * })\n */\nexport class BrowserAuthenticationInitiator implements AuthenticationInitiator {\n private postMessageHandler: null | ((event: MessageEvent) => void) = null;\n\n protected config: BrowserAuthenticationInitiatorConfig;\n\n public setDisplayMode(displayMode: DisplayMode) {\n this.config.displayMode = displayMode;\n }\n\n get displayMode() {\n return this.config.displayMode;\n }\n\n get isServerTokenExchange() {\n return this.config.pkceConsumer instanceof ConfidentialClientPKCEConsumer;\n }\n get state() {\n return generateState(this.config.displayMode, this.isServerTokenExchange);\n }\n constructor(\n config: typeof this.config,\n readonly setDesignOptions = defaultSetDesignOptions,\n ) {\n this.config = config;\n\n this.postMessageHandler = (event: MessageEvent) => {\n const thisURL = new URL(window.location.href);\n if (\n event.origin.endsWith(\"civic.com\") ||\n thisURL.hostname === \"localhost\"\n ) {\n if (!validateLoginAppPostMessage(event.data, this.config.clientId)) {\n return;\n }\n const loginMessage = event.data as LoginPostMessage;\n if (loginMessage.type === \"generatePopupFailed\") {\n this.handleLoginAppPopupFailed(\n (loginMessage.data as { url: string }).url,\n );\n return;\n }\n if (loginMessage.type === \"design\") {\n // TODO handle the design message\n this.handleLoginAppDesignUpdate(\n loginMessage.data as LoginAppDesignOptions,\n );\n return;\n }\n }\n };\n\n window.addEventListener(\"message\", this.postMessageHandler);\n }\n\n async handleLoginAppPopupFailed(redirectUrl: string) {\n console.warn(\n \"Login app popup failed open a popup, using redirect mode instead...\",\n redirectUrl,\n );\n window.location.href = redirectUrl;\n }\n\n async 
handleLoginAppDesignUpdate(options: LoginAppDesignOptions) {\n this.setDesignOptions(options);\n }\n\n // Use the config (Client ID, scopes OAuth Server, Endpoints, PKCEConsumer) to generate a new login url\n // and then use the display mode to decide how to send the user there\n async signIn(iframeRef: HTMLIFrameElement | null): Promise<URL> {\n const url = await generateOauthLoginUrl({\n ...this.config,\n state: this.state,\n });\n\n if (this.config.displayMode === \"iframe\") {\n const ref = getIframeRef(iframeRef);\n ref.setAttribute(\"src\", url.toString());\n }\n\n if (this.config.displayMode === \"redirect\") {\n window.location.href = url.toString();\n }\n\n if (this.config.displayMode === \"new_tab\") {\n try {\n const popupWindow = window.open(url.toString(), \"_blank\");\n if (!popupWindow) {\n throw new PopupError(\"Failed to open popup window\");\n }\n // TODO handle the 'onclose' event to clean up and reset the authStatus\n } catch (error) {\n console.error(\"popupWindow\", error);\n throw new PopupError(\n \"window.open has thrown: Failed to open popup window\",\n );\n }\n }\n\n return url;\n }\n\n protected handleIframeUrlChange(\n iframe: HTMLIFrameElement,\n expectedUrl: string,\n ): Promise<void> {\n return new Promise((resolve, reject) => {\n let interval: NodeJS.Timeout | undefined = undefined;\n let timeout: NodeJS.Timeout | undefined = undefined;\n\n const messageHandler = (event: MessageEvent) => {\n if (event.source !== iframe.contentWindow) {\n // This message did not originate from the iframe. 
Ignore it.\n return;\n }\n\n const message = event.data as IframeAuthMessage;\n\n if (\n message.source === \"civicloginApp\" &&\n (message.type === \"auth_error\" ||\n message.type === \"auth_error_try_again\")\n ) {\n clearInterval(interval);\n clearTimeout(timeout);\n window.removeEventListener(\"message\", messageHandler);\n reject(new Error(message.data.error || \"Authentication failed\"));\n return;\n }\n };\n\n window.addEventListener(\"message\", messageHandler);\n\n // Keep the existing URL check logic for success case\n const checkIframe = () => {\n try {\n const currentUrl = iframe.contentWindow?.location.href;\n if (currentUrl?.includes(expectedUrl)) {\n clearInterval(interval);\n window.removeEventListener(\"message\", messageHandler);\n resolve();\n }\n } catch {\n // Ignore cross-origin errors\n }\n };\n\n interval = setInterval(checkIframe, 100);\n\n // Timeout after 10 seconds\n timeout = setTimeout(() => {\n clearInterval(interval);\n window.removeEventListener(\"message\", messageHandler);\n reject(new Error(\"Timeout waiting for iframe URL change\"));\n }, 10000);\n });\n }\n\n async signOut(\n idToken: string | undefined,\n iframeRef: HTMLIFrameElement | null,\n ): Promise<URL> {\n let url;\n\n const state = this.state;\n if (this.isServerTokenExchange) {\n if (!this.config.logoutUrl) {\n throw new Error(\"logoutUrl is required for server token exchange\");\n }\n url = new URL(this.config.logoutUrl, window.location.origin);\n url.searchParams.append(\"state\", state);\n } else {\n if (!idToken) {\n throw new Error(\"idToken is required for non-server token exchange\");\n }\n url = await generateOauthLogoutUrl({\n ...this.config,\n idToken,\n state,\n redirectUrl: this.config.logoutRedirectUrl,\n });\n }\n\n // Clear storage before calling auth server\n const localStorage = new LocalStorageAdapter();\n await clearTokens(localStorage);\n await clearUser(localStorage);\n LocalStorageAdapter.emitter.emit(\"signOut\");\n\n if 
(this.config.displayMode === \"iframe\") {\n const ref = getIframeRef(iframeRef);\n ref.setAttribute(\"src\", url.toString());\n\n try {\n await this.handleIframeUrlChange(ref, this.config.logoutRedirectUrl);\n } catch (error) {\n console.log(\"Failed to sign out\", error);\n // on logout error, trigger the logout-callback directly,\n // if it is a logout from the server, so the the session is cleared\n // and user can still sign out.\n if (this.isServerTokenExchange) {\n url = new URL(this.config.logoutRedirectUrl, window.location.origin);\n url.searchParams.append(\"state\", state);\n url.searchParams.append(\"appUrl\", window.location.origin);\n ref.setAttribute(\"src\", url.toString());\n }\n }\n }\n\n if (this.config.displayMode === \"redirect\") {\n const localStorage = new LocalStorageAdapter();\n localStorage.set(LOGOUT_STATE, state);\n window.location.href = url.toString();\n }\n\n if (this.config.displayMode === \"new_tab\") {\n try {\n const popupWindow = window.open(url.toString(), \"_blank\");\n if (!popupWindow) {\n throw new PopupError(\"Failed to open popup window\");\n }\n } catch (error) {\n console.error(\"popupWindow\", error);\n throw new PopupError(\n \"window.open has thrown: Failed to open popup window\",\n );\n }\n }\n\n return url;\n }\n\n cleanup() {\n if (this.postMessageHandler) {\n window.removeEventListener(\"message\", this.postMessageHandler);\n }\n }\n}\n\n/** A general-purpose authentication initiator, that just generates urls, but lets\n * the caller decide how to use them. 
This is useful for server-side applications\n * that may serve this URL to their front-ends or just call them directly\n */\nexport class GenericAuthenticationInitiator implements AuthenticationInitiator {\n protected config: GenericAuthenticationInitiatorConfig;\n\n constructor(config: typeof this.config) {\n this.config = config;\n }\n\n // Use the config (Client ID, scopes OAuth Server, Endpoints, PKCEConsumer) to generate a new login url\n // and simply return the url\n async signIn(): Promise<URL> {\n return generateOauthLoginUrl(this.config);\n }\n\n async signOut(idToken: string): Promise<URL> {\n return generateOauthLogoutUrl({\n ...this.config,\n idToken,\n });\n }\n}\n\ntype BrowserAuthenticationConfig = {\n clientId: string;\n redirectUrl: string;\n logoutUrl?: string;\n logoutRedirectUrl: string;\n scopes: string[];\n oauthServer: string;\n endpointOverrides?: Partial<Endpoints>;\n displayMode: DisplayMode;\n};\n\n/**\n * An authentication resolver that can run on the browser (i.e. a public client)\n * It uses PKCE for security. 
PKCE and Session data are stored in local storage\n */\nexport class BrowserAuthenticationService extends BrowserAuthenticationInitiator {\n private oauth2client: OAuth2Client | undefined;\n private endpoints: Endpoints | undefined;\n\n // TODO WIP - perhaps we want to keep resolver and initiator separate here\n constructor(\n config: BrowserAuthenticationConfig,\n // Since we are running fully on the client, we produce as well as consume the PKCE challenge\n protected pkceProducer = new BrowserPublicClientPKCEProducer(),\n ) {\n super({\n ...config,\n // Store and retrieve the PKCE challenge in local storage\n pkceConsumer: pkceProducer,\n });\n }\n\n // TODO too much code duplication here between the browser and the server variant.\n // Suggestion for refactor: Standardise the config for AuthenticationResolvers and create a one-shot\n // function for generating an oauth2client from it\n async init(): Promise<this> {\n // resolve oauth config\n this.endpoints = await getEndpointsWithOverrides(\n this.config.oauthServer,\n this.config.endpointOverrides,\n );\n this.oauth2client = new OAuth2Client(\n this.config.clientId,\n this.endpoints.auth,\n this.endpoints.token,\n {\n redirectURI: this.config.redirectUrl,\n },\n );\n\n return this;\n }\n\n // Two responsibilities:\n // 1. resolve the auth code to get the tokens (should use library code)\n // 2. store the tokens in local storage\n async tokenExchange(\n code: string,\n state: string,\n ): Promise<OIDCTokenResponseBody> {\n if (!this.oauth2client) await this.init();\n const codeVerifier = await this.pkceProducer.getCodeVerifier();\n if (!codeVerifier) throw new Error(\"Code verifier not found in storage\");\n\n // exchange auth code for tokens\n const tokens = await exchangeTokens(\n code,\n state,\n this.pkceProducer,\n this.oauth2client!, // clean up types here to avoid the ! operator\n this.config.oauthServer,\n this.endpoints!, // clean up types here to avoid the ! 
operator\n );\n const clientStorage = new LocalStorageAdapter();\n await storeTokens(clientStorage, tokens);\n const user = await getUser(clientStorage);\n if (!user) {\n throw new Error(\"Failed to get user info\");\n }\n const userSession = new GenericUserSession(clientStorage);\n await userSession.set(user);\n LocalStorageAdapter.emitter.emit(\"signIn\");\n // cleanup the browser window if needed\n const parsedDisplayMode = displayModeFromState(\n state,\n this.config.displayMode,\n );\n\n if (parsedDisplayMode === \"new_tab\") {\n // Close the popup window\n window.addEventListener(\"beforeunload\", () => {\n window?.opener?.focus();\n });\n window.close();\n }\n // these are the default oAuth params that get added to the URL in redirect which we want to remove if present\n removeParamsWithoutReload(DEFAULT_OAUTH_GET_PARAMS);\n return tokens;\n }\n\n // Get the session data from local storage\n async getSessionData(): Promise<SessionData | null> {\n const storageData = await retrieveTokens(new LocalStorageAdapter());\n\n if (!storageData) return null;\n\n return {\n authenticated: !!storageData.id_token,\n idToken: storageData.id_token,\n accessToken: storageData.access_token,\n refreshToken: storageData.refresh_token,\n accessTokenExpiresAt: storageData.access_token_expires_at,\n };\n }\n\n async validateExistingSession(): Promise<SessionData> {\n try {\n const sessionData = await this.getSessionData();\n if (!sessionData?.idToken || !sessionData.accessToken) {\n const unAuthenticatedSession = { ...sessionData, authenticated: false };\n // await clearTokens(new LocalStorageAdapter());\n return unAuthenticatedSession;\n }\n if (!this.endpoints || !this.oauth2client) await this.init();\n\n // this function will throw if any of the tokens are invalid\n await validateOauth2Tokens(\n {\n access_token: sessionData.accessToken,\n id_token: sessionData.idToken,\n refresh_token: sessionData.refreshToken,\n access_token_expires_at: sessionData.accessTokenExpiresAt,\n 
},\n this.endpoints!,\n this.oauth2client!,\n this.config.oauthServer,\n );\n return sessionData;\n } catch (error) {\n console.warn(\"Failed to validate existing tokens\", error);\n const unAuthenticatedSession = {\n authenticated: false,\n };\n await clearTokens(new LocalStorageAdapter());\n return unAuthenticatedSession;\n }\n }\n\n async getEndSessionEndpoint(): Promise<string | null> {\n if (!this.endpoints) {\n return null;\n }\n return this.endpoints?.endsession;\n }\n\n static async build(\n config: BrowserAuthenticationConfig,\n ): Promise<AuthenticationResolver> {\n const resolver = new BrowserAuthenticationService(config);\n await resolver.init();\n\n return resolver;\n }\n}\n"]}
1
+ {"version":3,"file":"AuthenticationService.js","sourceRoot":"","sources":["../../../src/services/AuthenticationService.ts"],"names":[],"mappings":"AAAA,8EAA8E;AAW9E,OAAO,EACL,+BAA+B,EAC/B,8BAA8B,GAC/B,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EACL,WAAW,EACX,SAAS,EACT,cAAc,EACd,qBAAqB,EACrB,sBAAsB,EACtB,yBAAyB,EACzB,cAAc,EACd,WAAW,EACX,oBAAoB,GACrB,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EAAE,oBAAoB,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AACrE,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AAM3D,OAAO,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AACjD,OAAO,EAAE,yBAAyB,EAAE,MAAM,qBAAqB,CAAC;AAChE,OAAO,EAAE,wBAAwB,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AACxE,OAAO,EAAE,2BAA2B,EAAE,MAAM,sBAAsB,CAAC;AACnE,OAAO,EAAE,OAAO,EAAE,MAAM,yBAAyB,CAAC;AAClD,OAAO,EAAE,kBAAkB,EAAE,MAAM,6BAA6B,CAAC;AACjE,OAAO,EAAE,YAAY,EAAE,MAAM,6BAA6B,CAAC;AAyB3D,MAAM,uBAAuB,GAAG,CAAC,KAA4B,EAAE,EAAE;IAC/D,YAAY,CAAC,OAAO,CAAC,gBAAgB,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC;AAChE,CAAC,CAAC;AACF;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,MAAM,OAAO,8BAA8B;IAqB9B;IApBH,kBAAkB,GAA2C,IAAI,CAAC;IAEhE,MAAM,CAAuC;IAEhD,cAAc,CAAC,WAAwB;QAC5C,IAAI,CAAC,MAAM,CAAC,WAAW,GAAG,WAAW,CAAC;IACxC,CAAC;IAED,IAAI,WAAW;QACb,OAAO,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC;IACjC,CAAC;IAED,IAAI,qBAAqB;QACvB,OAAO,IAAI,CAAC,MAAM,CAAC,YAAY,YAAY,8BAA8B,CAAC;IAC5E,CAAC;IACD,IAAI,KAAK;QACP,OAAO,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,IAAI,CAAC,qBAAqB,CAAC,CAAC;IAC5E,CAAC;IACD,YACE,MAA0B,EACjB,mBAAmB,uBAAuB;QAA1C,qBAAgB,GAAhB,gBAAgB,CAA0B;QAEnD,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QAErB,IAAI,CAAC,kBAAkB,GAAG,CAAC,KAAmB,EAAE,EAAE;YAChD,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;YAC9C,IACE,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAC;gBAClC,OAAO,CAAC,QAAQ,KAAK,WAAW,EAChC,CAAC;gBACD,IAAI,CAAC,2BAA2B,CAAC,KAAK,CAAC,IAAI,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC;oBACnE,OAAO;gBACT,CAAC;gBACD,MAAM,YAAY,GAAG,KAAK,CAAC,IAAwB,CAAC;gBACpD,IAAI,YAAY,CAAC,IAAI,KAAK,qBAAqB,EAAE,CAAC;oBAChD,IAAI,CAAC,yBAAyB,CAC3B,YAAY,CAAC,IAAwB,CAAC,GAAG,CAC3C,CAAC;oBACF,OAAO;gBACT,CAAC;gBA
CD,IAAI,YAAY,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;oBACnC,iCAAiC;oBACjC,IAAI,CAAC,0BAA0B,CAC7B,YAAY,CAAC,IAA6B,CAC3C,CAAC;oBACF,OAAO;gBACT,CAAC;YACH,CAAC;QACH,CAAC,CAAC;QAEF,MAAM,CAAC,gBAAgB,CAAC,SAAS,EAAE,IAAI,CAAC,kBAAkB,CAAC,CAAC;IAC9D,CAAC;IAED,KAAK,CAAC,yBAAyB,CAAC,WAAmB;QACjD,OAAO,CAAC,IAAI,CACV,qEAAqE,EACrE,WAAW,CACZ,CAAC;QACF,MAAM,CAAC,QAAQ,CAAC,IAAI,GAAG,WAAW,CAAC;IACrC,CAAC;IAED,KAAK,CAAC,0BAA0B,CAAC,OAA8B;QAC7D,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;IACjC,CAAC;IAED,uGAAuG;IACvG,qEAAqE;IACrE,KAAK,CAAC,MAAM,CAAC,SAAmC;QAC9C,MAAM,GAAG,GAAG,MAAM,qBAAqB,CAAC;YACtC,GAAG,IAAI,CAAC,MAAM;YACd,KAAK,EAAE,IAAI,CAAC,KAAK;SAClB,CAAC,CAAC;QAEH,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,KAAK,QAAQ,EAAE,CAAC;YACzC,MAAM,GAAG,GAAG,YAAY,CAAC,SAAS,CAAC,CAAC;YACpC,GAAG,CAAC,YAAY,CAAC,KAAK,EAAE,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC;QAC1C,CAAC;QAED,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,KAAK,UAAU,EAAE,CAAC;YAC3C,MAAM,CAAC,QAAQ,CAAC,IAAI,GAAG,GAAG,CAAC,QAAQ,EAAE,CAAC;QACxC,CAAC;QAED,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,KAAK,SAAS,EAAE,CAAC;YAC1C,IAAI,CAAC;gBACH,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,EAAE,QAAQ,CAAC,CAAC;gBAC1D,IAAI,CAAC,WAAW,EAAE,CAAC;oBACjB,MAAM,IAAI,UAAU,CAAC,6BAA6B,CAAC,CAAC;gBACtD,CAAC;gBACD,uEAAuE;YACzE,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,OAAO,CAAC,KAAK,CAAC,aAAa,EAAE,KAAK,CAAC,CAAC;gBACpC,MAAM,IAAI,UAAU,CAClB,qDAAqD,CACtD,CAAC;YACJ,CAAC;QACH,CAAC;QAED,OAAO,GAAG,CAAC;IACb,CAAC;IAES,qBAAqB,CAC7B,MAAyB,EACzB,WAAmB;QAEnB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,IAAI,QAAQ,GAA+B,SAAS,CAAC;YACrD,IAAI,OAAO,GAA+B,SAAS,CAAC;YAEpD,MAAM,cAAc,GAAG,CAAC,KAAmB,EAAE,EAAE;gBAC7C,IAAI,KAAK,CAAC,MAAM,KAAK,MAAM,CAAC,aAAa,EAAE,CAAC;oBAC1C,6DAA6D;oBAC7D,OAAO;gBACT,CAAC;gBAED,MAAM,OAAO,GAAG,KAAK,CAAC,IAAyB,CAAC;gBAEhD,IACE,OAAO,CAAC,MAAM,KAAK,eAAe;oBAClC,CAAC,OAAO,CAAC,IAAI,KAAK,YAAY;wBAC5B,OAAO,CAAC,IAAI,KAAK,sBAAsB,CAAC,EAC1C,CAAC;oBACD,aAAa,CAAC,QAAQ,CAAC,CAAC;oBACxB,YAAY,CAAC,OAAO,CAAC,CAAC;oBACtB,MAAM,CAAC,mBAAmB,CAAC,SAAS,EAAE,cAAc,CAAC,CAAC;oBACtD,MAAM,CAAC,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC
,KAAK,IAAI,uBAAuB,CAAC,CAAC,CAAC;oBACjE,OAAO;gBACT,CAAC;YACH,CAAC,CAAC;YAEF,MAAM,CAAC,gBAAgB,CAAC,SAAS,EAAE,cAAc,CAAC,CAAC;YAEnD,qDAAqD;YACrD,MAAM,WAAW,GAAG,GAAG,EAAE;gBACvB,IAAI,CAAC;oBACH,MAAM,UAAU,GAAG,MAAM,CAAC,aAAa,EAAE,QAAQ,CAAC,IAAI,CAAC;oBACvD,IAAI,UAAU,EAAE,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;wBACtC,aAAa,CAAC,QAAQ,CAAC,CAAC;wBACxB,MAAM,CAAC,mBAAmB,CAAC,SAAS,EAAE,cAAc,CAAC,CAAC;wBACtD,OAAO,EAAE,CAAC;oBACZ,CAAC;gBACH,CAAC;gBAAC,MAAM,CAAC;oBACP,6BAA6B;gBAC/B,CAAC;YACH,CAAC,CAAC;YAEF,QAAQ,GAAG,WAAW,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC;YAEzC,2BAA2B;YAC3B,OAAO,GAAG,UAAU,CAAC,GAAG,EAAE;gBACxB,aAAa,CAAC,QAAQ,CAAC,CAAC;gBACxB,MAAM,CAAC,mBAAmB,CAAC,SAAS,EAAE,cAAc,CAAC,CAAC;gBACtD,MAAM,CAAC,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC,CAAC;YAC7D,CAAC,EAAE,KAAK,CAAC,CAAC;QACZ,CAAC,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,OAAO,CACX,OAA2B,EAC3B,SAAmC;QAEnC,IAAI,GAAG,CAAC;QAER,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC;QACzB,IAAI,IAAI,CAAC,qBAAqB,EAAE,CAAC;YAC/B,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC;gBAC3B,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;YACrE,CAAC;YACD,GAAG,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;YAC7D,GAAG,CAAC,YAAY,CAAC,MAAM,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QAC1C,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAC;YACvE,CAAC;YACD,GAAG,GAAG,MAAM,sBAAsB,CAAC;gBACjC,GAAG,IAAI,CAAC,MAAM;gBACd,OAAO;gBACP,KAAK;gBACL,WAAW,EAAE,IAAI,CAAC,MAAM,CAAC,iBAAiB;aAC3C,CAAC,CAAC;QACL,CAAC;QAED,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,KAAK,QAAQ,EAAE,CAAC;YACzC,MAAM,GAAG,GAAG,YAAY,CAAC,SAAS,CAAC,CAAC;YACpC,GAAG,CAAC,YAAY,CAAC,KAAK,EAAE,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC;YAExC,IAAI,CAAC;gBACH,MAAM,IAAI,CAAC,qBAAqB,CAAC,GAAG,EAAE,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC;YACvE,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,OAAO,CAAC,GAAG,CAAC,oBAAoB,EAAE,KAAK,CAAC,CAAC;gBACzC,yDAAyD;gBACzD,mEAAmE;gBACnE,+BAA+B;gBAC/B,IAAI,IAAI,CAAC,qBAAqB,EAAE,CAAC;oBAC/B,GAAG,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,iBAAiB,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;oBACrE,GAAG,CAAC,YAAY,CAAC
,MAAM,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;oBACxC,GAAG,CAAC,YAAY,CAAC,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;oBAC1D,GAAG,CAAC,YAAY,CAAC,KAAK,EAAE,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC;gBAC1C,CAAC;YACH,CAAC;QACH,CAAC;QAED,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,KAAK,UAAU,EAAE,CAAC;YAC3C,MAAM,YAAY,GAAG,IAAI,mBAAmB,EAAE,CAAC;YAC/C,YAAY,CAAC,GAAG,CAAC,YAAY,EAAE,KAAK,CAAC,CAAC;YACtC,MAAM,CAAC,QAAQ,CAAC,IAAI,GAAG,GAAG,CAAC,QAAQ,EAAE,CAAC;QACxC,CAAC;QAED,IAAI,IAAI,CAAC,MAAM,CAAC,WAAW,KAAK,SAAS,EAAE,CAAC;YAC1C,IAAI,CAAC;gBACH,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,EAAE,QAAQ,CAAC,CAAC;gBAC1D,IAAI,CAAC,WAAW,EAAE,CAAC;oBACjB,MAAM,IAAI,UAAU,CAAC,6BAA6B,CAAC,CAAC;gBACtD,CAAC;YACH,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,OAAO,CAAC,KAAK,CAAC,aAAa,EAAE,KAAK,CAAC,CAAC;gBACpC,MAAM,IAAI,UAAU,CAClB,qDAAqD,CACtD,CAAC;YACJ,CAAC;QACH,CAAC;QAED,OAAO,GAAG,CAAC;IACb,CAAC;IAED,OAAO;QACL,IAAI,IAAI,CAAC,kBAAkB,EAAE,CAAC;YAC5B,MAAM,CAAC,mBAAmB,CAAC,SAAS,EAAE,IAAI,CAAC,kBAAkB,CAAC,CAAC;QACjE,CAAC;IACH,CAAC;CACF;AAED;;;GAGG;AACH,MAAM,OAAO,8BAA8B;IAC/B,MAAM,CAAuC;IAEvD,YAAY,MAA0B;QACpC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED,uGAAuG;IACvG,4BAA4B;IAC5B,KAAK,CAAC,MAAM;QACV,OAAO,qBAAqB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IAC5C,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,OAAe;QAC3B,OAAO,sBAAsB,CAAC;YAC5B,GAAG,IAAI,CAAC,MAAM;YACd,OAAO;SACR,CAAC,CAAC;IACL,CAAC;CACF;AAaD;;;GAGG;AACH,MAAM,OAAO,4BAA6B,SAAQ,8BAA8B;IAQlE;IAPJ,YAAY,CAA2B;IACvC,SAAS,CAAwB;IAEzC,0EAA0E;IAC1E,YACE,MAAmC;IACnC,6FAA6F;IACnF,eAAe,IAAI,+BAA+B,EAAE;QAE9D,KAAK,CAAC;YACJ,GAAG,MAAM;YACT,yDAAyD;YACzD,YAAY,EAAE,YAAY;SAC3B,CAAC,CAAC;QANO,iBAAY,GAAZ,YAAY,CAAwC;IAOhE,CAAC;IAED,kFAAkF;IAClF,oGAAoG;IACpG,kDAAkD;IAClD,KAAK,CAAC,IAAI;QACR,uBAAuB;QACvB,IAAI,CAAC,SAAS,GAAG,MAAM,yBAAyB,CAC9C,IAAI,CAAC,MAAM,CAAC,WAAW,EACvB,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAC9B,CAAC;QACF,IAAI,CAAC,YAAY,GAAG,IAAI,YAAY,CAClC,IAAI,CAAC,MAAM,CAAC,QAAQ,EACpB,IAAI,CAAC,SAAS,CAAC,IAAI,EACnB,IAAI,CAAC,SAAS,CAAC,KAAK,EACpB;YACE,WAAW,EAAE,IAAI,CAAC,MAAM,CAAC,WAAW;SACrC,CACF,CAAC;QAEF,OAAO,IAAI,C
AAC;IACd,CAAC;IAED,wBAAwB;IACxB,uEAAuE;IACvE,uCAAuC;IACvC,KAAK,CAAC,aAAa,CACjB,IAAY,EACZ,KAAa;QAEb,IAAI,CAAC,IAAI,CAAC,YAAY;YAAE,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;QAC1C,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,eAAe,EAAE,CAAC;QAC/D,IAAI,CAAC,YAAY;YAAE,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;QAEzE,gCAAgC;QAChC,MAAM,MAAM,GAAG,MAAM,cAAc,CACjC,IAAI,EACJ,KAAK,EACL,IAAI,CAAC,YAAY,EACjB,IAAI,CAAC,YAAa,EAAE,8CAA8C;QAClE,IAAI,CAAC,MAAM,CAAC,WAAW,EACvB,IAAI,CAAC,SAAU,CAChB,CAAC;QACF,MAAM,aAAa,GAAG,IAAI,mBAAmB,EAAE,CAAC;QAChD,MAAM,WAAW,CAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QACzC,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,aAAa,CAAC,CAAC;QAC1C,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;QAC7C,CAAC;QACD,MAAM,WAAW,GAAG,IAAI,kBAAkB,CAAC,aAAa,CAAC,CAAC;QAC1D,MAAM,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAC5B,mBAAmB,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC3C,uCAAuC;QACvC,MAAM,iBAAiB,GAAG,oBAAoB,CAC5C,KAAK,EACL,IAAI,CAAC,MAAM,CAAC,WAAW,CACxB,CAAC;QAEF,IAAI,iBAAiB,KAAK,SAAS,EAAE,CAAC;YACpC,yBAAyB;YACzB,MAAM,CAAC,gBAAgB,CAAC,cAAc,EAAE,GAAG,EAAE;gBAC3C,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;YAC1B,CAAC,CAAC,CAAC;YACH,MAAM,CAAC,KAAK,EAAE,CAAC;QACjB,CAAC;QACD,8GAA8G;QAC9G,yBAAyB,CAAC,wBAAwB,CAAC,CAAC;QACpD,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,0CAA0C;IAC1C,KAAK,CAAC,cAAc;QAClB,MAAM,WAAW,GAAG,MAAM,cAAc,CAAC,IAAI,mBAAmB,EAAE,CAAC,CAAC;QAEpE,IAAI,CAAC,WAAW;YAAE,OAAO,IAAI,CAAC;QAE9B,OAAO;YACL,aAAa,EAAE,CAAC,CAAC,WAAW,CAAC,QAAQ;YACrC,OAAO,EAAE,WAAW,CAAC,QAAQ;YAC7B,WAAW,EAAE,WAAW,CAAC,YAAY;YACrC,YAAY,EAAE,WAAW,CAAC,aAAa;YACvC,oBAAoB,EAAE,WAAW,CAAC,uBAAuB;SAC1D,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,uBAAuB;QAC3B,IAAI,CAAC;YACH,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;YAChD,IAAI,CAAC,WAAW,EAAE,OAAO,IAAI,CAAC,WAAW,CAAC,WAAW,EAAE,CAAC;gBACtD,MAAM,sBAAsB,GAAG,EAAE,GAAG,WAAW,EAAE,aAAa,EAAE,KAAK,EAAE,CAAC;gBACxE,gDAAgD;gBAChD,OAAO,sBAAsB,CAAC;YAChC,CAAC;YACD,IAAI,CAAC,IAAI,CAAC,SAAS,IAAI,CAAC,IAAI,CAAC,YAAY;gBAAE,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;YAE7D,4DAA4D;YAC5D,MAAM,oBAAoB,CACxB;gBACE,YAAY,EAAE,WAAW,CAAC,WAAW;gBACrC,QAAQ,EAAE,W
AAW,CAAC,OAAO;gBAC7B,aAAa,EAAE,WAAW,CAAC,YAAY;gBACvC,uBAAuB,EAAE,WAAW,CAAC,oBAAoB;aAC1D,EACD,IAAI,CAAC,SAAU,EACf,IAAI,CAAC,YAAa,EAClB,IAAI,CAAC,MAAM,CAAC,WAAW,CACxB,CAAC;YACF,OAAO,WAAW,CAAC;QACrB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,IAAI,CAAC,oCAAoC,EAAE,KAAK,CAAC,CAAC;YAC1D,MAAM,sBAAsB,GAAG;gBAC7B,aAAa,EAAE,KAAK;aACrB,CAAC;YACF,MAAM,WAAW,CAAC,IAAI,mBAAmB,EAAE,CAAC,CAAC;YAC7C,OAAO,sBAAsB,CAAC;QAChC,CAAC;IACH,CAAC;IAED,KAAK,CAAC,qBAAqB;QACzB,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;YACpB,OAAO,IAAI,CAAC;QACd,CAAC;QACD,OAAO,IAAI,CAAC,SAAS,EAAE,UAAU,CAAC;IACpC,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,KAAK,CAChB,MAAmC;QAEnC,MAAM,QAAQ,GAAG,IAAI,4BAA4B,CAAC,MAAM,CAAC,CAAC;QAC1D,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QAEtB,OAAO,QAAQ,CAAC;IAClB,CAAC;CACF","sourcesContent":["// Proposals for revised versions of the SessionService AKA AuthSessionService\n\nimport type {\n DisplayMode,\n Endpoints,\n IframeAuthMessage,\n LoginAppDesignOptions,\n LoginPostMessage,\n OIDCTokenResponseBody,\n SessionData,\n} from \"@/types.js\";\nimport {\n BrowserPublicClientPKCEProducer,\n ConfidentialClientPKCEConsumer,\n} from \"@/services/PKCE.js\";\nimport {\n clearTokens,\n clearUser,\n exchangeTokens,\n generateOauthLoginUrl,\n generateOauthLogoutUrl,\n getEndpointsWithOverrides,\n retrieveTokens,\n storeTokens,\n validateOauth2Tokens,\n} from \"@/shared/lib/util.js\";\nimport { displayModeFromState, generateState } from \"@/lib/oauth.js\";\nimport { OAuth2Client } from \"oslo/oauth2\";\nimport { LocalStorageAdapter } from \"@/browser/storage.js\";\nimport type {\n AuthenticationInitiator,\n AuthenticationResolver,\n PKCEConsumer,\n} from \"@/services/types.js\";\nimport { PopupError } from \"@/services/types.js\";\nimport { removeParamsWithoutReload } from \"@/lib/windowUtil.js\";\nimport { DEFAULT_OAUTH_GET_PARAMS, LOGOUT_STATE } from \"@/constants.js\";\nimport { validateLoginAppPostMessage } from \"@/lib/postMessage.js\";\nimport { getUser } from \"@/shared/lib/session.js\";\nimport { 
GenericUserSession } from \"@/shared/lib/UserSession.js\";\nimport { getIframeRef } from \"@/shared/lib/iframeUtils.js\";\n\nexport type GenericAuthenticationInitiatorConfig = {\n clientId: string;\n redirectUrl: string;\n state: string;\n scopes: string[];\n oauthServer: string;\n nonce?: string;\n // the endpoints to use for the login (if not obtained from the auth server)\n endpointOverrides?: Partial<Endpoints>;\n // used to get the PKCE challenge\n pkceConsumer: PKCEConsumer;\n};\n\nexport type BrowserAuthenticationInitiatorConfig = Omit<\n GenericAuthenticationInitiatorConfig,\n \"state\"\n> & {\n logoutUrl?: string;\n logoutRedirectUrl: string;\n // determines whether to trigger the login/logout in an iframe, a new browser window, or redirect the current one.\n displayMode: DisplayMode;\n};\n\nconst defaultSetDesignOptions = (value: LoginAppDesignOptions) => {\n localStorage.setItem(\"loginAppDesign\", JSON.stringify(value));\n};\n/**\n * An authentication initiator that works on a browser. Since this is just triggering\n * login and logout, session data is not stored here.\n * An associated AuthenticationResolver would be needed to get the session data.\n * Storage is needed for the code verifier, this is the domain of the PKCEConsumer\n * The storage used by the PKCEConsumer should be available to the AuthenticationResolver.\n *\n * Example usage:\n *\n * 1) Client-only SPA -eg a react app with no server:\n * new BrowserAuthenticationInitiator({\n * pkceConsumer: new BrowserPublicClientPKCEProducer(), // generate and retrieve the challenge client-side\n * ... other config\n * })\n *\n * 2) Client-side of a client/server app - eg a react app with a backend:\n * new BrowserAuthenticationInitiator({\n * pkceConsumer: new ConfidentialClientPKCEConsumer(\"https://myserver.com/pkce\"), // get the challenge from the server\n * ... 
other config\n * })\n */\nexport class BrowserAuthenticationInitiator implements AuthenticationInitiator {\n private postMessageHandler: null | ((event: MessageEvent) => void) = null;\n\n protected config: BrowserAuthenticationInitiatorConfig;\n\n public setDisplayMode(displayMode: DisplayMode) {\n this.config.displayMode = displayMode;\n }\n\n get displayMode() {\n return this.config.displayMode;\n }\n\n get isServerTokenExchange() {\n return this.config.pkceConsumer instanceof ConfidentialClientPKCEConsumer;\n }\n get state() {\n return generateState(this.config.displayMode, this.isServerTokenExchange);\n }\n constructor(\n config: typeof this.config,\n readonly setDesignOptions = defaultSetDesignOptions,\n ) {\n this.config = config;\n\n this.postMessageHandler = (event: MessageEvent) => {\n const thisURL = new URL(window.location.href);\n if (\n event.origin.endsWith(\"civic.com\") ||\n thisURL.hostname === \"localhost\"\n ) {\n if (!validateLoginAppPostMessage(event.data, this.config.clientId)) {\n return;\n }\n const loginMessage = event.data as LoginPostMessage;\n if (loginMessage.type === \"generatePopupFailed\") {\n this.handleLoginAppPopupFailed(\n (loginMessage.data as { url: string }).url,\n );\n return;\n }\n if (loginMessage.type === \"design\") {\n // TODO handle the design message\n this.handleLoginAppDesignUpdate(\n loginMessage.data as LoginAppDesignOptions,\n );\n return;\n }\n }\n };\n\n window.addEventListener(\"message\", this.postMessageHandler);\n }\n\n async handleLoginAppPopupFailed(redirectUrl: string) {\n console.warn(\n \"Login app popup failed open a popup, using redirect mode instead...\",\n redirectUrl,\n );\n window.location.href = redirectUrl;\n }\n\n async handleLoginAppDesignUpdate(options: LoginAppDesignOptions) {\n this.setDesignOptions(options);\n }\n\n // Use the config (Client ID, scopes OAuth Server, Endpoints, PKCEConsumer) to generate a new login url\n // and then use the display mode to decide how to send the user 
there\n async signIn(iframeRef: HTMLIFrameElement | null): Promise<URL> {\n const url = await generateOauthLoginUrl({\n ...this.config,\n state: this.state,\n });\n\n if (this.config.displayMode === \"iframe\") {\n const ref = getIframeRef(iframeRef);\n ref.setAttribute(\"src\", url.toString());\n }\n\n if (this.config.displayMode === \"redirect\") {\n window.location.href = url.toString();\n }\n\n if (this.config.displayMode === \"new_tab\") {\n try {\n const popupWindow = window.open(url.toString(), \"_blank\");\n if (!popupWindow) {\n throw new PopupError(\"Failed to open popup window\");\n }\n // TODO handle the 'onclose' event to clean up and reset the authStatus\n } catch (error) {\n console.error(\"popupWindow\", error);\n throw new PopupError(\n \"window.open has thrown: Failed to open popup window\",\n );\n }\n }\n\n return url;\n }\n\n protected handleIframeUrlChange(\n iframe: HTMLIFrameElement,\n expectedUrl: string,\n ): Promise<void> {\n return new Promise((resolve, reject) => {\n let interval: NodeJS.Timeout | undefined = undefined;\n let timeout: NodeJS.Timeout | undefined = undefined;\n\n const messageHandler = (event: MessageEvent) => {\n if (event.source !== iframe.contentWindow) {\n // This message did not originate from the iframe. 
Ignore it.\n return;\n }\n\n const message = event.data as IframeAuthMessage;\n\n if (\n message.source === \"civicloginApp\" &&\n (message.type === \"auth_error\" ||\n message.type === \"auth_error_try_again\")\n ) {\n clearInterval(interval);\n clearTimeout(timeout);\n window.removeEventListener(\"message\", messageHandler);\n reject(new Error(message.data.error || \"Authentication failed\"));\n return;\n }\n };\n\n window.addEventListener(\"message\", messageHandler);\n\n // Keep the existing URL check logic for success case\n const checkIframe = () => {\n try {\n const currentUrl = iframe.contentWindow?.location.href;\n if (currentUrl?.includes(expectedUrl)) {\n clearInterval(interval);\n window.removeEventListener(\"message\", messageHandler);\n resolve();\n }\n } catch {\n // Ignore cross-origin errors\n }\n };\n\n interval = setInterval(checkIframe, 100);\n\n // Timeout after 10 seconds\n timeout = setTimeout(() => {\n clearInterval(interval);\n window.removeEventListener(\"message\", messageHandler);\n reject(new Error(\"Timeout waiting for iframe URL change\"));\n }, 10000);\n });\n }\n\n async signOut(\n idToken: string | undefined,\n iframeRef: HTMLIFrameElement | null,\n ): Promise<URL> {\n let url;\n\n const state = this.state;\n if (this.isServerTokenExchange) {\n if (!this.config.logoutUrl) {\n throw new Error(\"logoutUrl is required for server token exchange\");\n }\n url = new URL(this.config.logoutUrl, window.location.origin);\n url.searchParams.append(\"state\", state);\n } else {\n if (!idToken) {\n throw new Error(\"idToken is required for non-server token exchange\");\n }\n url = await generateOauthLogoutUrl({\n ...this.config,\n idToken,\n state,\n redirectUrl: this.config.logoutRedirectUrl,\n });\n }\n\n if (this.config.displayMode === \"iframe\") {\n const ref = getIframeRef(iframeRef);\n ref.setAttribute(\"src\", url.toString());\n\n try {\n await this.handleIframeUrlChange(ref, this.config.logoutRedirectUrl);\n } catch (error) {\n 
console.log(\"Failed to sign out\", error);\n // on logout error, trigger the logout-callback directly,\n // if it is a logout from the server, so the the session is cleared\n // and user can still sign out.\n if (this.isServerTokenExchange) {\n url = new URL(this.config.logoutRedirectUrl, window.location.origin);\n url.searchParams.append(\"state\", state);\n url.searchParams.append(\"appUrl\", window.location.origin);\n ref.setAttribute(\"src\", url.toString());\n }\n }\n }\n\n if (this.config.displayMode === \"redirect\") {\n const localStorage = new LocalStorageAdapter();\n localStorage.set(LOGOUT_STATE, state);\n window.location.href = url.toString();\n }\n\n if (this.config.displayMode === \"new_tab\") {\n try {\n const popupWindow = window.open(url.toString(), \"_blank\");\n if (!popupWindow) {\n throw new PopupError(\"Failed to open popup window\");\n }\n } catch (error) {\n console.error(\"popupWindow\", error);\n throw new PopupError(\n \"window.open has thrown: Failed to open popup window\",\n );\n }\n }\n\n return url;\n }\n\n cleanup() {\n if (this.postMessageHandler) {\n window.removeEventListener(\"message\", this.postMessageHandler);\n }\n }\n}\n\n/** A general-purpose authentication initiator, that just generates urls, but lets\n * the caller decide how to use them. 
This is useful for server-side applications\n * that may serve this URL to their front-ends or just call them directly\n */\nexport class GenericAuthenticationInitiator implements AuthenticationInitiator {\n protected config: GenericAuthenticationInitiatorConfig;\n\n constructor(config: typeof this.config) {\n this.config = config;\n }\n\n // Use the config (Client ID, scopes OAuth Server, Endpoints, PKCEConsumer) to generate a new login url\n // and simply return the url\n async signIn(): Promise<URL> {\n return generateOauthLoginUrl(this.config);\n }\n\n async signOut(idToken: string): Promise<URL> {\n return generateOauthLogoutUrl({\n ...this.config,\n idToken,\n });\n }\n}\n\ntype BrowserAuthenticationConfig = {\n clientId: string;\n redirectUrl: string;\n logoutUrl?: string;\n logoutRedirectUrl: string;\n scopes: string[];\n oauthServer: string;\n endpointOverrides?: Partial<Endpoints>;\n displayMode: DisplayMode;\n};\n\n/**\n * An authentication resolver that can run on the browser (i.e. a public client)\n * It uses PKCE for security. 
PKCE and Session data are stored in local storage\n */\nexport class BrowserAuthenticationService extends BrowserAuthenticationInitiator {\n private oauth2client: OAuth2Client | undefined;\n private endpoints: Endpoints | undefined;\n\n // TODO WIP - perhaps we want to keep resolver and initiator separate here\n constructor(\n config: BrowserAuthenticationConfig,\n // Since we are running fully on the client, we produce as well as consume the PKCE challenge\n protected pkceProducer = new BrowserPublicClientPKCEProducer(),\n ) {\n super({\n ...config,\n // Store and retrieve the PKCE challenge in local storage\n pkceConsumer: pkceProducer,\n });\n }\n\n // TODO too much code duplication here between the browser and the server variant.\n // Suggestion for refactor: Standardise the config for AuthenticationResolvers and create a one-shot\n // function for generating an oauth2client from it\n async init(): Promise<this> {\n // resolve oauth config\n this.endpoints = await getEndpointsWithOverrides(\n this.config.oauthServer,\n this.config.endpointOverrides,\n );\n this.oauth2client = new OAuth2Client(\n this.config.clientId,\n this.endpoints.auth,\n this.endpoints.token,\n {\n redirectURI: this.config.redirectUrl,\n },\n );\n\n return this;\n }\n\n // Two responsibilities:\n // 1. resolve the auth code to get the tokens (should use library code)\n // 2. store the tokens in local storage\n async tokenExchange(\n code: string,\n state: string,\n ): Promise<OIDCTokenResponseBody> {\n if (!this.oauth2client) await this.init();\n const codeVerifier = await this.pkceProducer.getCodeVerifier();\n if (!codeVerifier) throw new Error(\"Code verifier not found in storage\");\n\n // exchange auth code for tokens\n const tokens = await exchangeTokens(\n code,\n state,\n this.pkceProducer,\n this.oauth2client!, // clean up types here to avoid the ! operator\n this.config.oauthServer,\n this.endpoints!, // clean up types here to avoid the ! 
operator\n );\n const clientStorage = new LocalStorageAdapter();\n await storeTokens(clientStorage, tokens);\n const user = await getUser(clientStorage);\n if (!user) {\n throw new Error(\"Failed to get user info\");\n }\n const userSession = new GenericUserSession(clientStorage);\n await userSession.set(user);\n LocalStorageAdapter.emitter.emit(\"signIn\");\n // cleanup the browser window if needed\n const parsedDisplayMode = displayModeFromState(\n state,\n this.config.displayMode,\n );\n\n if (parsedDisplayMode === \"new_tab\") {\n // Close the popup window\n window.addEventListener(\"beforeunload\", () => {\n window?.opener?.focus();\n });\n window.close();\n }\n // these are the default oAuth params that get added to the URL in redirect which we want to remove if present\n removeParamsWithoutReload(DEFAULT_OAUTH_GET_PARAMS);\n return tokens;\n }\n\n // Get the session data from local storage\n async getSessionData(): Promise<SessionData | null> {\n const storageData = await retrieveTokens(new LocalStorageAdapter());\n\n if (!storageData) return null;\n\n return {\n authenticated: !!storageData.id_token,\n idToken: storageData.id_token,\n accessToken: storageData.access_token,\n refreshToken: storageData.refresh_token,\n accessTokenExpiresAt: storageData.access_token_expires_at,\n };\n }\n\n async validateExistingSession(): Promise<SessionData> {\n try {\n const sessionData = await this.getSessionData();\n if (!sessionData?.idToken || !sessionData.accessToken) {\n const unAuthenticatedSession = { ...sessionData, authenticated: false };\n // await clearTokens(new LocalStorageAdapter());\n return unAuthenticatedSession;\n }\n if (!this.endpoints || !this.oauth2client) await this.init();\n\n // this function will throw if any of the tokens are invalid\n await validateOauth2Tokens(\n {\n access_token: sessionData.accessToken,\n id_token: sessionData.idToken,\n refresh_token: sessionData.refreshToken,\n access_token_expires_at: sessionData.accessTokenExpiresAt,\n 
},\n this.endpoints!,\n this.oauth2client!,\n this.config.oauthServer,\n );\n return sessionData;\n } catch (error) {\n console.warn(\"Failed to validate existing tokens\", error);\n const unAuthenticatedSession = {\n authenticated: false,\n };\n await clearTokens(new LocalStorageAdapter());\n return unAuthenticatedSession;\n }\n }\n\n async getEndSessionEndpoint(): Promise<string | null> {\n if (!this.endpoints) {\n return null;\n }\n return this.endpoints?.endsession;\n }\n\n static async build(\n config: BrowserAuthenticationConfig,\n ): Promise<AuthenticationResolver> {\n const resolver = new BrowserAuthenticationService(config);\n await resolver.init();\n\n return resolver;\n }\n}\n"]}
@@ -1 +1 @@
1
- {"version":3,"file":"CivicAuthIframe.d.ts","sourceRoot":"","sources":["../../../../src/shared/components/CivicAuthIframe.tsx"],"names":[],"mappings":"AACA,OAAO,KAAqB,MAAM,OAAO,CAAC;AAK1C,KAAK,oBAAoB,GAAG;IAC1B,MAAM,CAAC,EAAE,MAAM,IAAI,CAAC;IACpB,EAAE,EAAE,MAAM,CAAC;CACZ,CAAC;AAEF,QAAA,MAAM,eAAe,gGA2CpB,CAAC;AAIF,YAAY,EAAE,oBAAoB,EAAE,CAAC;AAErC,OAAO,EAAE,eAAe,EAAE,CAAC"}
1
+ {"version":3,"file":"CivicAuthIframe.d.ts","sourceRoot":"","sources":["../../../../src/shared/components/CivicAuthIframe.tsx"],"names":[],"mappings":"AACA,OAAO,KAA0C,MAAM,OAAO,CAAC;AAK/D,KAAK,oBAAoB,GAAG;IAC1B,MAAM,CAAC,EAAE,MAAM,IAAI,CAAC;IACpB,EAAE,EAAE,MAAM,CAAC;CACZ,CAAC;AAEF,QAAA,MAAM,eAAe,gGAiDpB,CAAC;AAIF,YAAY,EAAE,oBAAoB,EAAE,CAAC;AAErC,OAAO,EAAE,eAAe,EAAE,CAAC"}
@@ -1,13 +1,19 @@
1
1
  "use client";
2
2
  import { jsx as _jsx, jsxs as _jsxs } from "@emotion/react/jsx-runtime";
3
- import React, { forwardRef } from "react";
3
+ import React, { forwardRef, useEffect, useState } from "react";
4
4
  import IframeResizer from "@iframe-resizer/react";
5
5
  import SVGLoading from "./SVGLoading.js";
6
6
  import { useIframe } from "../hooks/useIframe.js";
7
7
  const CivicAuthIframe = forwardRef(({ onLoad, id }, ref) => {
8
8
  const [isLoaded, setIsLoaded] = React.useState(false);
9
9
  const { iframeMode, backgroundColor } = useIframe();
10
- return (_jsxs("div", { children: [isLoaded ? null : (_jsx("span", { "data-testid": "iframe-shimmer-loader", children: iframeMode !== "embedded" && (_jsx(SVGLoading, { backgroundColor: backgroundColor })) })), _jsx(IframeResizer, { inPageLinks: true, license: "1jy4dww5qzv-s54r73oxcn-v59f4kfgfz", id: id, forwardRef: ref, "data-testid": "civic-auth-iframe-with-resizer", style: {
10
+ const [isClient, setIsClient] = useState(false);
11
+ useEffect(() => {
12
+ // only runs on client
13
+ setIsClient(true);
14
+ }, []);
15
+ // don't render on the server as the appearance changes when the iframe is loaded from login-app post-messages
16
+ return !isClient ? null : (_jsxs("div", { children: [isLoaded ? null : (_jsx("span", { "data-testid": "iframe-shimmer-loader", children: iframeMode !== "embedded" && (_jsx(SVGLoading, { backgroundColor: backgroundColor })) })), _jsx(IframeResizer, { inPageLinks: true, license: "1jy4dww5qzv-s54r73oxcn-v59f4kfgfz", id: id, forwardRef: ref, "data-testid": "civic-auth-iframe-with-resizer", style: {
11
17
  // we don't want the letterbox effect in embedded mode
12
18
  height: iframeMode !== "embedded" ? "26px" : "24rem",
13
19
  width: "100%",
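Review bot: Returning `null` until `isClient` flips means the forwarded `ref` is unattached on the first client render as well as on the server, so a caller that dereferences the iframe ref before the mount effect has run would see `null`; whether any caller does that is not visible in this hunk. The comment above the return should state this, for example `// renders nothing until mounted: the forwarded ref is null on the server and on the first client render`. The new state also uses the bare `useState` import while the line above it still calls `React.useState`; using one form for both would read more consistently. The component body continues past the end of this hunk.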
@@ -1 +1 @@
1
- {"version":3,"file":"CivicAuthIframe.js","sourceRoot":"","sources":["../../../../src/shared/components/CivicAuthIframe.tsx"],"names":[],"mappings":"AAAA,YAAY,CAAC;;AACb,OAAO,KAAK,EAAE,EAAE,UAAU,EAAE,MAAM,OAAO,CAAC;AAC1C,OAAO,aAAa,MAAM,uBAAuB,CAAC;AAClD,OAAO,UAAU,MAAM,iBAAiB,CAAC;AACzC,OAAO,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAC;AAOlD,MAAM,eAAe,GAAG,UAAU,CAChC,CAAC,EAAE,MAAM,EAAE,EAAE,EAAE,EAAE,GAAG,EAAE,EAAE;IACtB,MAAM,CAAC,QAAQ,EAAE,WAAW,CAAC,GAAG,KAAK,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IACtD,MAAM,EAAE,UAAU,EAAE,eAAe,EAAE,GAAG,SAAS,EAAE,CAAC;IACpD,OAAO,CACL,0BACG,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CACjB,8BAAkB,uBAAuB,YACtC,UAAU,KAAK,UAAU,IAAI,CAC5B,KAAC,UAAU,IAAC,eAAe,EAAE,eAAe,GAAI,CACjD,GACI,CACR,EACD,KAAC,aAAa,IACZ,WAAW,QACX,OAAO,EAAC,mCAAmC,EAC3C,EAAE,EAAE,EAAE,EACN,UAAU,EAAE,GAAG,iBACF,gCAAgC,EAC7C,KAAK,EAAE;oBACL,sDAAsD;oBACtD,MAAM,EAAE,UAAU,KAAK,UAAU,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO;oBACpD,KAAK,EAAE,MAAM;oBACb,MAAM,EAAE,MAAM;oBACd,QAAQ,EAAE,MAAM;oBAChB,eAAe;oBACf,UAAU,EAAE,mBAAmB;oBAC/B,aAAa,EAAE,MAAM;oBACrB,YAAY,EAAE,MAAM;iBACrB,EACD,WAAW,EAAE,KAAK,EAClB,MAAM,EAAE,GAAG,EAAE;oBACX,WAAW,CAAC,IAAI,CAAC,CAAC;oBAClB,MAAM,EAAE,EAAE,CAAC;gBACb,CAAC,EACD,KAAK,EAAC,0BAA0B,EAChC,eAAe,QACf,SAAS,EAAC,UAAU,EACpB,cAAc,EAAE,CAAC,GACjB,IACE,CACP,CAAC;AACJ,CAAC,CACF,CAAC;AAEF,eAAe,CAAC,WAAW,GAAG,iBAAiB,CAAC;AAIhD,OAAO,EAAE,eAAe,EAAE,CAAC","sourcesContent":["\"use client\";\nimport React, { forwardRef } from \"react\";\nimport IframeResizer from \"@iframe-resizer/react\";\nimport SVGLoading from \"./SVGLoading.js\";\nimport { useIframe } from \"../hooks/useIframe.js\";\n\ntype CivicAuthIframeProps = {\n onLoad?: () => void;\n id: string;\n};\n\nconst CivicAuthIframe = forwardRef<HTMLIFrameElement, CivicAuthIframeProps>(\n ({ onLoad, id }, ref) => {\n const [isLoaded, setIsLoaded] = React.useState(false);\n const { iframeMode, backgroundColor } = useIframe();\n return (\n <div>\n {isLoaded ? 
null : (\n <span data-testid=\"iframe-shimmer-loader\">\n {iframeMode !== \"embedded\" && (\n <SVGLoading backgroundColor={backgroundColor} />\n )}\n </span>\n )}\n <IframeResizer\n inPageLinks\n license=\"1jy4dww5qzv-s54r73oxcn-v59f4kfgfz\"\n id={id}\n forwardRef={ref}\n data-testid={\"civic-auth-iframe-with-resizer\"}\n style={{\n // we don't want the letterbox effect in embedded mode\n height: iframeMode !== \"embedded\" ? \"26px\" : \"24rem\",\n width: \"100%\",\n border: \"none\",\n minWidth: \"100%\",\n backgroundColor,\n transition: \"height 0.25s ease\",\n pointerEvents: \"auto\",\n borderRadius: \"24px\",\n }}\n checkOrigin={false}\n onLoad={() => {\n setIsLoaded(true);\n onLoad?.();\n }}\n allow=\"camera; screen-wake-lock\"\n allowFullScreen\n direction=\"vertical\"\n warningTimeout={0}\n />\n </div>\n );\n },\n);\n\nCivicAuthIframe.displayName = \"CivicAuthIframe\";\n\nexport type { CivicAuthIframeProps };\n\nexport { CivicAuthIframe };\n"]}
1
+ {"version":3,"file":"CivicAuthIframe.js","sourceRoot":"","sources":["../../../../src/shared/components/CivicAuthIframe.tsx"],"names":[],"mappings":"AAAA,YAAY,CAAC;;AACb,OAAO,KAAK,EAAE,EAAE,UAAU,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,OAAO,CAAC;AAC/D,OAAO,aAAa,MAAM,uBAAuB,CAAC;AAClD,OAAO,UAAU,MAAM,iBAAiB,CAAC;AACzC,OAAO,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAC;AAOlD,MAAM,eAAe,GAAG,UAAU,CAChC,CAAC,EAAE,MAAM,EAAE,EAAE,EAAE,EAAE,GAAG,EAAE,EAAE;IACtB,MAAM,CAAC,QAAQ,EAAE,WAAW,CAAC,GAAG,KAAK,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IACtD,MAAM,EAAE,UAAU,EAAE,eAAe,EAAE,GAAG,SAAS,EAAE,CAAC;IACpD,MAAM,CAAC,QAAQ,EAAE,WAAW,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC;IAChD,SAAS,CAAC,GAAG,EAAE;QACb,sBAAsB;QACtB,WAAW,CAAC,IAAI,CAAC,CAAC;IACpB,CAAC,EAAE,EAAE,CAAC,CAAC;IACP,8GAA8G;IAC9G,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CACxB,0BACG,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CACjB,8BAAkB,uBAAuB,YACtC,UAAU,KAAK,UAAU,IAAI,CAC5B,KAAC,UAAU,IAAC,eAAe,EAAE,eAAe,GAAI,CACjD,GACI,CACR,EACD,KAAC,aAAa,IACZ,WAAW,QACX,OAAO,EAAC,mCAAmC,EAC3C,EAAE,EAAE,EAAE,EACN,UAAU,EAAE,GAAG,iBACF,gCAAgC,EAC7C,KAAK,EAAE;oBACL,sDAAsD;oBACtD,MAAM,EAAE,UAAU,KAAK,UAAU,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO;oBACpD,KAAK,EAAE,MAAM;oBACb,MAAM,EAAE,MAAM;oBACd,QAAQ,EAAE,MAAM;oBAChB,eAAe;oBACf,UAAU,EAAE,mBAAmB;oBAC/B,aAAa,EAAE,MAAM;oBACrB,YAAY,EAAE,MAAM;iBACrB,EACD,WAAW,EAAE,KAAK,EAClB,MAAM,EAAE,GAAG,EAAE;oBACX,WAAW,CAAC,IAAI,CAAC,CAAC;oBAClB,MAAM,EAAE,EAAE,CAAC;gBACb,CAAC,EACD,KAAK,EAAC,0BAA0B,EAChC,eAAe,QACf,SAAS,EAAC,UAAU,EACpB,cAAc,EAAE,CAAC,GACjB,IACE,CACP,CAAC;AACJ,CAAC,CACF,CAAC;AAEF,eAAe,CAAC,WAAW,GAAG,iBAAiB,CAAC;AAIhD,OAAO,EAAE,eAAe,EAAE,CAAC","sourcesContent":["\"use client\";\nimport React, { forwardRef, useEffect, useState } from \"react\";\nimport IframeResizer from \"@iframe-resizer/react\";\nimport SVGLoading from \"./SVGLoading.js\";\nimport { useIframe } from \"../hooks/useIframe.js\";\n\ntype CivicAuthIframeProps = {\n onLoad?: () => void;\n id: string;\n};\n\nconst CivicAuthIframe = forwardRef<HTMLIFrameElement, 
CivicAuthIframeProps>(\n ({ onLoad, id }, ref) => {\n const [isLoaded, setIsLoaded] = React.useState(false);\n const { iframeMode, backgroundColor } = useIframe();\n const [isClient, setIsClient] = useState(false);\n useEffect(() => {\n // only runs on client\n setIsClient(true);\n }, []);\n // don't render on the server as the appearance changes when the iframe is loaded from login-app post-messages\n return !isClient ? null : (\n <div>\n {isLoaded ? null : (\n <span data-testid=\"iframe-shimmer-loader\">\n {iframeMode !== \"embedded\" && (\n <SVGLoading backgroundColor={backgroundColor} />\n )}\n </span>\n )}\n <IframeResizer\n inPageLinks\n license=\"1jy4dww5qzv-s54r73oxcn-v59f4kfgfz\"\n id={id}\n forwardRef={ref}\n data-testid={\"civic-auth-iframe-with-resizer\"}\n style={{\n // we don't want the letterbox effect in embedded mode\n height: iframeMode !== \"embedded\" ? \"26px\" : \"24rem\",\n width: \"100%\",\n border: \"none\",\n minWidth: \"100%\",\n backgroundColor,\n transition: \"height 0.25s ease\",\n pointerEvents: \"auto\",\n borderRadius: \"24px\",\n }}\n checkOrigin={false}\n onLoad={() => {\n setIsLoaded(true);\n onLoad?.();\n }}\n allow=\"camera; screen-wake-lock\"\n allowFullScreen\n direction=\"vertical\"\n warningTimeout={0}\n />\n </div>\n );\n },\n);\n\nCivicAuthIframe.displayName = \"CivicAuthIframe\";\n\nexport type { CivicAuthIframeProps };\n\nexport { CivicAuthIframe };\n"]}
@@ -0,0 +1,3 @@
1
+ declare const useClientTokenExchangeSession: () => import("../../shared/providers/ClientTokenExchangeSessionProvider.js").ClientTokenExchangeSessionProviderOutput;
2
+ export { useClientTokenExchangeSession };
3
+ //# sourceMappingURL=useClientTokenExchangeSession.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"useClientTokenExchangeSession.d.ts","sourceRoot":"","sources":["../../../../src/shared/hooks/useClientTokenExchangeSession.ts"],"names":[],"mappings":"AAKA,QAAA,MAAM,6BAA6B,mHAMlC,CAAC;AAEF,OAAO,EAAE,6BAA6B,EAAE,CAAC"}
@@ -0,0 +1,13 @@
1
+ "use client";
2
+ import { useContext } from "react";
3
+ import { ClientTokenExchangeSessionContext } from "../../shared/providers/ClientTokenExchangeSessionProvider.js";
4
+ // TokenProvider will use this internal context to access session
5
+ const useClientTokenExchangeSession = () => {
6
+ const context = useContext(ClientTokenExchangeSessionContext);
7
+ if (!context) {
8
+ throw new Error("useSession must be used within an SessionProvider");
9
+ }
10
+ return context;
11
+ };
12
+ export { useClientTokenExchangeSession };
13
+ //# sourceMappingURL=useClientTokenExchangeSession.js.map
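Review bot: The error thrown when the context is missing names the wrong hook and provider: `useSession must be used within an SessionProvider` looks carried over from another hook and will point whoever hits it at the wrong component. Naming this hook and its provider fixes that, e.g. `throw new Error("useClientTokenExchangeSession must be used within a ClientTokenExchangeSessionProvider");` (assuming the provider component is named after its module). The `!context` guard also only fires if the context's default value is falsy, which this file does not show; a one-line comment stating that assumption would help.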
@@ -0,0 +1 @@
1
+ {"version":3,"file":"useClientTokenExchangeSession.js","sourceRoot":"","sources":["../../../../src/shared/hooks/useClientTokenExchangeSession.ts"],"names":[],"mappings":"AAAA,YAAY,CAAC;AACb,OAAO,EAAE,UAAU,EAAE,MAAM,OAAO,CAAC;AACnC,OAAO,EAAE,iCAAiC,EAAE,MAAM,0DAA0D,CAAC;AAE7G,iEAAiE;AACjE,MAAM,6BAA6B,GAAG,GAAG,EAAE;IACzC,MAAM,OAAO,GAAG,UAAU,CAAC,iCAAiC,CAAC,CAAC;IAC9D,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAC;IACvE,CAAC;IACD,OAAO,OAAO,CAAC;AACjB,CAAC,CAAC;AAEF,OAAO,EAAE,6BAA6B,EAAE,CAAC","sourcesContent":["\"use client\";\nimport { useContext } from \"react\";\nimport { ClientTokenExchangeSessionContext } from \"@/shared/providers/ClientTokenExchangeSessionProvider.js\";\n\n// TokenProvider will use this internal context to access session\nconst useClientTokenExchangeSession = () => {\n const context = useContext(ClientTokenExchangeSessionContext);\n if (!context) {\n throw new Error(\"useSession must be used within an SessionProvider\");\n }\n return context;\n};\n\nexport { useClientTokenExchangeSession };\n"]}
@@ -1,4 +1,6 @@
1
1
  import type { SessionData } from "../../types.js";
2
- declare const useRefresh: (session: SessionData | null) => void;
2
+ declare const useRefresh: (session: SessionData | null) => {
3
+ error: Error | undefined;
4
+ };
3
5
  export { useRefresh };
4
6
  //# sourceMappingURL=useRefresh.d.ts.map
@@ -1 +1 @@
1
- {"version":3,"file":"useRefresh.d.ts","sourceRoot":"","sources":["../../../../src/shared/hooks/useRefresh.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAI9C,QAAA,MAAM,UAAU,YAAa,WAAW,GAAG,IAAI,SAuC9C,CAAC;AAEF,OAAO,EAAE,UAAU,EAAE,CAAC"}
1
+ {"version":3,"file":"useRefresh.d.ts","sourceRoot":"","sources":["../../../../src/shared/hooks/useRefresh.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAI9C,QAAA,MAAM,UAAU,YAAa,WAAW,GAAG,IAAI;;CAgD9C,CAAC;AAEF,OAAO,EAAE,UAAU,EAAE,CAAC"}
@@ -1,10 +1,11 @@
1
1
  import { useEffect, useMemo, useState } from "react";
2
2
  import { useCivicAuthConfig } from "./useCivicAuthConfig.js";
3
- import { AuthenticationRefresherImpl } from "../lib/AuthenticationRefresherImpl.js";
4
3
  import { LocalStorageAdapter } from "../../browser/storage.js";
4
+ import { BrowserAuthenticationRefresher } from "../lib/BrowserAuthenticationRefresher.js";
5
5
  const useRefresh = (session) => {
6
6
  const authConfig = useCivicAuthConfig();
7
7
  const storage = useMemo(() => new LocalStorageAdapter(), []);
8
+ const [error, setError] = useState();
8
9
  // setup token autorefresh
9
10
  const [refresher, setRefresher] = useState(undefined);
10
11
  useEffect(() => {
@@ -12,7 +13,11 @@ const useRefresh = (session) => {
12
13
  return;
13
14
  const abortController = new AbortController();
14
15
  const currentRefresher = refresher;
15
- AuthenticationRefresherImpl.build({ ...authConfig }, storage).then((newRefresher) => {
16
+ const onError = async (error) => {
17
+ console.error("Error refreshing token", error);
18
+ setError(error);
19
+ };
20
+ BrowserAuthenticationRefresher.build({ ...authConfig }, storage, onError).then((newRefresher) => {
16
21
  if (abortController.signal.aborted)
17
22
  return;
18
23
  currentRefresher?.clearAutorefresh();
@@ -33,6 +38,9 @@ const useRefresh = (session) => {
33
38
  }
34
39
  return () => refresher?.clearAutorefresh();
35
40
  }, [refresher, session?.authenticated]);
41
+ return {
42
+ error,
43
+ };
36
44
  };
37
45
  export { useRefresh };
38
46
  //# sourceMappingURL=useRefresh.js.map
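Review bot: The new `onError` callback in the effect that builds the refresher calls `setError` without checking `abortController.signal.aborted`, although the `.then` handler right below it does make that check. A refresh that is already in flight when the effect is cleaned up could therefore still write error state afterwards; adding `if (abortController.signal.aborted) return;` as the first line of `onError` would keep the two paths consistent. The `error` value returned at the end of the hook is also never reset in the visible lines, so a consumer cannot tell a current failure from one a later refresh recovered from; `setError(undefined)` next to `setRefresher(newRefresher)` would cover that. The effect body between the hunks is not shown, so both points should be confirmed against the full file.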
@@ -1 +1 @@
1
- {"version":3,"file":"useRefresh.js","sourceRoot":"","sources":["../../../../src/shared/hooks/useRefresh.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,OAAO,CAAC;AACrD,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAE7D,OAAO,EAAE,2BAA2B,EAAE,MAAM,uCAAuC,CAAC;AACpF,OAAO,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AAE3D,MAAM,UAAU,GAAG,CAAC,OAA2B,EAAE,EAAE;IACjD,MAAM,UAAU,GAAG,kBAAkB,EAAE,CAAC;IACxC,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,EAAE,CAAC,IAAI,mBAAmB,EAAE,EAAE,EAAE,CAAC,CAAC;IAE7D,0BAA0B;IAC1B,MAAM,CAAC,SAAS,EAAE,YAAY,CAAC,GAAG,QAAQ,CAExC,SAAS,CAAC,CAAC;IAEb,SAAS,CAAC,GAAG,EAAE;QACb,IAAI,CAAC,UAAU;YAAE,OAAO;QACxB,MAAM,eAAe,GAAG,IAAI,eAAe,EAAE,CAAC;QAC9C,MAAM,gBAAgB,GAAG,SAAS,CAAC;QAEnC,2BAA2B,CAAC,KAAK,CAAC,EAAE,GAAG,UAAU,EAAE,EAAE,OAAO,CAAC,CAAC,IAAI,CAChE,CAAC,YAAY,EAAE,EAAE;YACf,IAAI,eAAe,CAAC,MAAM,CAAC,OAAO;gBAAE,OAAO;YAE3C,gBAAgB,EAAE,gBAAgB,EAAE,CAAC;YACrC,YAAY,CAAC,YAAY,CAAC,CAAC;QAC7B,CAAC,CACF,CAAC;QAEF,OAAO,GAAG,EAAE;YACV,eAAe,CAAC,KAAK,EAAE,CAAC;YACxB,gBAAgB,EAAE,gBAAgB,EAAE,CAAC;QACvC,CAAC,CAAC;QACF,uDAAuD;IACzD,CAAC,EAAE,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC,uCAAuC;IAElE,SAAS,CAAC,GAAG,EAAE;QACb,IAAI,OAAO,EAAE,aAAa,EAAE,CAAC;YAC3B,SAAS,EAAE,gBAAgB,EAAE,CAAC;QAChC,CAAC;aAAM,CAAC;YACN,SAAS,EAAE,gBAAgB,EAAE,CAAC;QAChC,CAAC;QAED,OAAO,GAAG,EAAE,CAAC,SAAS,EAAE,gBAAgB,EAAE,CAAC;IAC7C,CAAC,EAAE,CAAC,SAAS,EAAE,OAAO,EAAE,aAAa,CAAC,CAAC,CAAC;AAC1C,CAAC,CAAC;AAEF,OAAO,EAAE,UAAU,EAAE,CAAC","sourcesContent":["import { useEffect, useMemo, useState } from \"react\";\nimport { useCivicAuthConfig } from \"./useCivicAuthConfig.js\";\nimport type { SessionData } from \"@/types.js\";\nimport { AuthenticationRefresherImpl } from \"../lib/AuthenticationRefresherImpl.js\";\nimport { LocalStorageAdapter } from \"@/browser/storage.js\";\n\nconst useRefresh = (session: SessionData | null) => {\n const authConfig = useCivicAuthConfig();\n const storage = useMemo(() => new LocalStorageAdapter(), []);\n\n // setup token autorefresh\n const [refresher, setRefresher] = 
useState<\n AuthenticationRefresherImpl | undefined\n >(undefined);\n\n useEffect(() => {\n if (!authConfig) return;\n const abortController = new AbortController();\n const currentRefresher = refresher;\n\n AuthenticationRefresherImpl.build({ ...authConfig }, storage).then(\n (newRefresher) => {\n if (abortController.signal.aborted) return;\n\n currentRefresher?.clearAutorefresh();\n setRefresher(newRefresher);\n },\n );\n\n return () => {\n abortController.abort();\n currentRefresher?.clearAutorefresh();\n };\n // eslint-disable-next-line react-hooks/exhaustive-deps\n }, [authConfig, storage]); // Only depend on what actually changes\n\n useEffect(() => {\n if (session?.authenticated) {\n refresher?.setupAutorefresh();\n } else {\n refresher?.clearAutorefresh();\n }\n\n return () => refresher?.clearAutorefresh();\n }, [refresher, session?.authenticated]);\n};\n\nexport { useRefresh };\n"]}
1
+ {"version":3,"file":"useRefresh.js","sourceRoot":"","sources":["../../../../src/shared/hooks/useRefresh.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,OAAO,CAAC;AACrD,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAE7D,OAAO,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AAC3D,OAAO,EAAE,8BAA8B,EAAE,MAAM,0CAA0C,CAAC;AAE1F,MAAM,UAAU,GAAG,CAAC,OAA2B,EAAE,EAAE;IACjD,MAAM,UAAU,GAAG,kBAAkB,EAAE,CAAC;IACxC,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,EAAE,CAAC,IAAI,mBAAmB,EAAE,EAAE,EAAE,CAAC,CAAC;IAC7D,MAAM,CAAC,KAAK,EAAE,QAAQ,CAAC,GAAG,QAAQ,EAAS,CAAC;IAC5C,0BAA0B;IAC1B,MAAM,CAAC,SAAS,EAAE,YAAY,CAAC,GAAG,QAAQ,CAExC,SAAS,CAAC,CAAC;IAEb,SAAS,CAAC,GAAG,EAAE;QACb,IAAI,CAAC,UAAU;YAAE,OAAO;QACxB,MAAM,eAAe,GAAG,IAAI,eAAe,EAAE,CAAC;QAC9C,MAAM,gBAAgB,GAAG,SAAS,CAAC;QAEnC,MAAM,OAAO,GAAG,KAAK,EAAE,KAAY,EAAE,EAAE;YACrC,OAAO,CAAC,KAAK,CAAC,wBAAwB,EAAE,KAAK,CAAC,CAAC;YAC/C,QAAQ,CAAC,KAAK,CAAC,CAAC;QAClB,CAAC,CAAC;QACF,8BAA8B,CAAC,KAAK,CAClC,EAAE,GAAG,UAAU,EAAE,EACjB,OAAO,EACP,OAAO,CACR,CAAC,IAAI,CAAC,CAAC,YAAY,EAAE,EAAE;YACtB,IAAI,eAAe,CAAC,MAAM,CAAC,OAAO;gBAAE,OAAO;YAE3C,gBAAgB,EAAE,gBAAgB,EAAE,CAAC;YACrC,YAAY,CAAC,YAAY,CAAC,CAAC;QAC7B,CAAC,CAAC,CAAC;QAEH,OAAO,GAAG,EAAE;YACV,eAAe,CAAC,KAAK,EAAE,CAAC;YACxB,gBAAgB,EAAE,gBAAgB,EAAE,CAAC;QACvC,CAAC,CAAC;QACF,uDAAuD;IACzD,CAAC,EAAE,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC,uCAAuC;IAElE,SAAS,CAAC,GAAG,EAAE;QACb,IAAI,OAAO,EAAE,aAAa,EAAE,CAAC;YAC3B,SAAS,EAAE,gBAAgB,EAAE,CAAC;QAChC,CAAC;aAAM,CAAC;YACN,SAAS,EAAE,gBAAgB,EAAE,CAAC;QAChC,CAAC;QAED,OAAO,GAAG,EAAE,CAAC,SAAS,EAAE,gBAAgB,EAAE,CAAC;IAC7C,CAAC,EAAE,CAAC,SAAS,EAAE,OAAO,EAAE,aAAa,CAAC,CAAC,CAAC;IACxC,OAAO;QACL,KAAK;KACN,CAAC;AACJ,CAAC,CAAC;AAEF,OAAO,EAAE,UAAU,EAAE,CAAC","sourcesContent":["import { useEffect, useMemo, useState } from \"react\";\nimport { useCivicAuthConfig } from \"./useCivicAuthConfig.js\";\nimport type { SessionData } from \"@/types.js\";\nimport { LocalStorageAdapter } from \"@/browser/storage.js\";\nimport { BrowserAuthenticationRefresher } from 
\"../lib/BrowserAuthenticationRefresher.js\";\n\nconst useRefresh = (session: SessionData | null) => {\n const authConfig = useCivicAuthConfig();\n const storage = useMemo(() => new LocalStorageAdapter(), []);\n const [error, setError] = useState<Error>();\n // setup token autorefresh\n const [refresher, setRefresher] = useState<\n BrowserAuthenticationRefresher | undefined\n >(undefined);\n\n useEffect(() => {\n if (!authConfig) return;\n const abortController = new AbortController();\n const currentRefresher = refresher;\n\n const onError = async (error: Error) => {\n console.error(\"Error refreshing token\", error);\n setError(error);\n };\n BrowserAuthenticationRefresher.build(\n { ...authConfig },\n storage,\n onError,\n ).then((newRefresher) => {\n if (abortController.signal.aborted) return;\n\n currentRefresher?.clearAutorefresh();\n setRefresher(newRefresher);\n });\n\n return () => {\n abortController.abort();\n currentRefresher?.clearAutorefresh();\n };\n // eslint-disable-next-line react-hooks/exhaustive-deps\n }, [authConfig, storage]); // Only depend on what actually changes\n\n useEffect(() => {\n if (session?.authenticated) {\n refresher?.setupAutorefresh();\n } else {\n refresher?.clearAutorefresh();\n }\n\n return () => refresher?.clearAutorefresh();\n }, [refresher, session?.authenticated]);\n return {\n error,\n };\n};\n\nexport { useRefresh };\n"]}
@@ -5,9 +5,9 @@ export declare class AuthenticationRefresherImpl extends GenericAuthenticationRe
5
5
  protected endpointOverrides?: Partial<Endpoints> | undefined;
6
6
  private endpoints;
7
7
  private oauth2client;
8
- constructor(authConfig: AuthConfig, storage: AuthStorage, endpointOverrides?: Partial<Endpoints> | undefined);
8
+ constructor(authConfig: AuthConfig, storage: AuthStorage, onError: (error: Error) => Promise<void>, endpointOverrides?: Partial<Endpoints> | undefined);
9
9
  init(): Promise<this>;
10
- static build(authConfig: AuthConfig, storage: AuthStorage, endpointOverrides?: Partial<Endpoints>): Promise<AuthenticationRefresherImpl>;
10
+ static build(authConfig: AuthConfig, storage: AuthStorage, onError: (error: Error) => Promise<void>, endpointOverrides?: Partial<Endpoints>): Promise<AuthenticationRefresherImpl>;
11
11
  storeTokens(tokenResponseBody: OIDCTokenResponseBody): Promise<void>;
12
12
  refreshAccessToken(): Promise<OIDCTokenResponseBody>;
13
13
  }
@@ -1 +1 @@
1
- {"version":3,"file":"AuthenticationRefresherImpl.d.ts","sourceRoot":"","sources":["../../../../src/shared/lib/AuthenticationRefresherImpl.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAMrD,OAAO,KAAK,EAAE,WAAW,EAAE,SAAS,EAAE,qBAAqB,EAAE,MAAM,YAAY,CAAC;AAEhF,OAAO,EAAE,8BAA8B,EAAE,MAAM,qCAAqC,CAAC;AAErF,qBAAa,2BAA4B,SAAQ,8BAA8B;IAM3E,SAAS,CAAC,iBAAiB,CAAC,EAAE,OAAO,CAAC,SAAS,CAAC;IALlD,OAAO,CAAC,SAAS,CAAwB;IACzC,OAAO,CAAC,YAAY,CAA2B;gBAE7C,UAAU,EAAE,UAAU,EACtB,OAAO,EAAE,WAAW,EACV,iBAAiB,CAAC,EAAE,OAAO,CAAC,SAAS,CAAC,YAAA;IAQ5C,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;WAmBd,KAAK,CAChB,UAAU,EAAE,UAAU,EACtB,OAAO,EAAE,WAAW,EACpB,iBAAiB,CAAC,EAAE,OAAO,CAAC,SAAS,CAAC,GACrC,OAAO,CAAC,2BAA2B,CAAC;IAWjC,WAAW,CAAC,iBAAiB,EAAE,qBAAqB,GAAG,OAAO,CAAC,IAAI,CAAC;IAKpE,kBAAkB,IAAI,OAAO,CAAC,qBAAqB,CAAC;CAoB3D"}
1
+ {"version":3,"file":"AuthenticationRefresherImpl.d.ts","sourceRoot":"","sources":["../../../../src/shared/lib/AuthenticationRefresherImpl.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAMrD,OAAO,KAAK,EAAE,WAAW,EAAE,SAAS,EAAE,qBAAqB,EAAE,MAAM,YAAY,CAAC;AAEhF,OAAO,EAAE,8BAA8B,EAAE,MAAM,qCAAqC,CAAC;AAErF,qBAAa,2BAA4B,SAAQ,8BAA8B;IAO3E,SAAS,CAAC,iBAAiB,CAAC,EAAE,OAAO,CAAC,SAAS,CAAC;IANlD,OAAO,CAAC,SAAS,CAAwB;IACzC,OAAO,CAAC,YAAY,CAA2B;gBAE7C,UAAU,EAAE,UAAU,EACtB,OAAO,EAAE,WAAW,EACpB,OAAO,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,OAAO,CAAC,IAAI,CAAC,EAC9B,iBAAiB,CAAC,EAAE,OAAO,CAAC,SAAS,CAAC,YAAA;IAQ5C,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;WAmBd,KAAK,CAChB,UAAU,EAAE,UAAU,EACtB,OAAO,EAAE,WAAW,EACpB,OAAO,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,OAAO,CAAC,IAAI,CAAC,EACxC,iBAAiB,CAAC,EAAE,OAAO,CAAC,SAAS,CAAC,GACrC,OAAO,CAAC,2BAA2B,CAAC;IAYjC,WAAW,CAAC,iBAAiB,EAAE,qBAAqB,GAAG,OAAO,CAAC,IAAI,CAAC;IAKpE,kBAAkB,IAAI,OAAO,CAAC,qBAAqB,CAAC;CAsB3D"}
@@ -5,8 +5,8 @@ export class AuthenticationRefresherImpl extends GenericAuthenticationRefresher
5
5
  endpointOverrides;
6
6
  endpoints;
7
7
  oauth2client;
8
- constructor(authConfig, storage, endpointOverrides) {
9
- super();
8
+ constructor(authConfig, storage, onError, endpointOverrides) {
9
+ super(onError);
10
10
  this.endpointOverrides = endpointOverrides;
11
11
  this.authConfig = authConfig;
12
12
  this.storage = storage;
@@ -22,8 +22,8 @@ export class AuthenticationRefresherImpl extends GenericAuthenticationRefresher
22
22
  });
23
23
  return this;
24
24
  }
25
- static async build(authConfig, storage, endpointOverrides) {
26
- const refresher = new AuthenticationRefresherImpl(authConfig, storage, endpointOverrides);
25
+ static async build(authConfig, storage, onError, endpointOverrides) {
26
+ const refresher = new AuthenticationRefresherImpl(authConfig, storage, onError, endpointOverrides);
27
27
  await refresher.init();
28
28
  return refresher;
29
29
  }
@@ -36,6 +36,9 @@ export class AuthenticationRefresherImpl extends GenericAuthenticationRefresher
36
36
  if (!this.storage)
37
37
  throw new Error("No storage available");
38
38
  const refreshToken = await this.getRefreshToken();
39
+ console.log("AuthenticationRefresherImpl refreshAccessToken", {
40
+ refreshToken,
41
+ });
39
42
  if (!this.oauth2client)
40
43
  this.init();
41
44
  const oauth2Client = this.oauth2client;
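Review bot: The added `console.log("AuthenticationRefresherImpl refreshAccessToken", { refreshToken })` in `refreshAccessToken` writes the refresh token itself to the console in a published build. A refresh token is a long-lived credential, and console output ends up in devtools, in bug reports and screenshots, and in any tooling that captures console messages (server logs, if this shared class also runs server-side). The call should be removed, or reduced to a presence flag such as `console.debug("refreshAccessToken", { hasRefreshToken: Boolean(refreshToken) });`. The same applies to `console.log("getRefreshToken tokens", tokens);` added to `getRefreshToken` in GenericAuthenticationRefresher.js, which logs the whole stored token set. The body of `refreshAccessToken` continues outside this hunk.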
@@ -1 +1 @@
1
- {"version":3,"file":"AuthenticationRefresherImpl.js","sourceRoot":"","sources":["../../../../src/shared/lib/AuthenticationRefresherImpl.ts"],"names":[],"mappings":"AACA,OAAO,EACL,yBAAyB,EACzB,WAAW,EACX,oBAAoB,GACrB,MAAM,sBAAsB,CAAC;AAE9B,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAE,8BAA8B,EAAE,MAAM,qCAAqC,CAAC;AAErF,MAAM,OAAO,2BAA4B,SAAQ,8BAA8B;IAMjE;IALJ,SAAS,CAAwB;IACjC,YAAY,CAA2B;IAC/C,YACE,UAAsB,EACtB,OAAoB,EACV,iBAAsC;QAEhD,KAAK,EAAE,CAAC;QAFE,sBAAiB,GAAjB,iBAAiB,CAAqB;QAGhD,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;QAC7B,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;QACvB,IAAI,CAAC,IAAI,EAAE,CAAC;IACd,CAAC;IAED,KAAK,CAAC,IAAI;QACR,IAAI,CAAC,IAAI,CAAC,UAAU;YAAE,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;QAClE,uBAAuB;QACvB,IAAI,CAAC,SAAS,GAAG,MAAM,yBAAyB,CAC9C,IAAI,CAAC,WAAW,EAChB,IAAI,CAAC,iBAAiB,CACvB,CAAC;QACF,IAAI,CAAC,YAAY,GAAG,IAAI,YAAY,CAClC,IAAI,CAAC,UAAU,CAAC,QAAQ,EACxB,IAAI,CAAC,SAAS,CAAC,IAAI,EACnB,IAAI,CAAC,SAAS,CAAC,KAAK,EACpB;YACE,WAAW,EAAE,IAAI,CAAC,UAAU,CAAC,WAAW;SACzC,CACF,CAAC;QAEF,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,KAAK,CAChB,UAAsB,EACtB,OAAoB,EACpB,iBAAsC;QAEtC,MAAM,SAAS,GAAG,IAAI,2BAA2B,CAC/C,UAAU,EACV,OAAO,EACP,iBAAiB,CAClB,CAAC;QACF,MAAM,SAAS,CAAC,IAAI,EAAE,CAAC;QAEvB,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,iBAAwC;QACxD,IAAI,CAAC,IAAI,CAAC,OAAO;YAAE,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;QAC3D,MAAM,WAAW,CAAC,IAAI,CAAC,OAAO,EAAE,iBAAiB,CAAC,CAAC;IACrD,CAAC;IAED,KAAK,CAAC,kBAAkB;QACtB,IAAI,CAAC,IAAI,CAAC,OAAO;YAAE,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;QAC3D,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,eAAe,EAAE,CAAC;QAElD,IAAI,CAAC,IAAI,CAAC,YAAY;YAAE,IAAI,CAAC,IAAI,EAAE,CAAC;QACpC,MAAM,YAAY,GAAG,IAAI,CAAC,YAAa,CAAC;QACxC,MAAM,iBAAiB,GACrB,MAAM,YAAY,CAAC,kBAAkB,CACnC,YAAY,CACb,CAAC;QACJ,MAAM,oBAAoB,CACxB,iBAAiB,EACjB,IAAI,CAAC,SAAU,EACf,YAAY,EACZ,IAAI,CAAC,WAAW,CACjB,CAAC;QAEF,MAAM,IAAI,CAAC,WAAW,CAAC,iBAAiB,CAAC,CAAC;QAC1C,OAAO,iBAAiB,CAAC;IAC3B,CAAC;CACF","sourcesContent":["import type { AuthConfig } from \"@/server/config.js\";\nimport {\n 
getEndpointsWithOverrides,\n storeTokens,\n validateOauth2Tokens,\n} from \"@/shared/lib/util.js\";\nimport type { AuthStorage, Endpoints, OIDCTokenResponseBody } from \"@/types.js\";\nimport { OAuth2Client } from \"oslo/oauth2\";\nimport { GenericAuthenticationRefresher } from \"./GenericAuthenticationRefresher.js\";\n\nexport class AuthenticationRefresherImpl extends GenericAuthenticationRefresher {\n private endpoints: Endpoints | undefined;\n private oauth2client: OAuth2Client | undefined;\n constructor(\n authConfig: AuthConfig,\n storage: AuthStorage,\n protected endpointOverrides?: Partial<Endpoints>,\n ) {\n super();\n this.authConfig = authConfig;\n this.storage = storage;\n this.init();\n }\n\n async init(): Promise<this> {\n if (!this.authConfig) throw new Error(\"No auth config available\");\n // resolve oauth config\n this.endpoints = await getEndpointsWithOverrides(\n this.oauthServer,\n this.endpointOverrides,\n );\n this.oauth2client = new OAuth2Client(\n this.authConfig.clientId,\n this.endpoints.auth,\n this.endpoints.token,\n {\n redirectURI: this.authConfig.redirectUrl,\n },\n );\n\n return this;\n }\n\n static async build(\n authConfig: AuthConfig,\n storage: AuthStorage,\n endpointOverrides?: Partial<Endpoints>,\n ): Promise<AuthenticationRefresherImpl> {\n const refresher = new AuthenticationRefresherImpl(\n authConfig,\n storage,\n endpointOverrides,\n );\n await refresher.init();\n\n return refresher;\n }\n\n async storeTokens(tokenResponseBody: OIDCTokenResponseBody): Promise<void> {\n if (!this.storage) throw new Error(\"No storage available\");\n await storeTokens(this.storage, tokenResponseBody);\n }\n\n async refreshAccessToken(): Promise<OIDCTokenResponseBody> {\n if (!this.storage) throw new Error(\"No storage available\");\n const refreshToken = await this.getRefreshToken();\n\n if (!this.oauth2client) this.init();\n const oauth2Client = this.oauth2client!;\n const tokenResponseBody =\n await 
oauth2Client.refreshAccessToken<OIDCTokenResponseBody>(\n refreshToken,\n );\n await validateOauth2Tokens(\n tokenResponseBody,\n this.endpoints!,\n oauth2Client,\n this.oauthServer,\n );\n\n await this.storeTokens(tokenResponseBody);\n return tokenResponseBody;\n }\n}\n"]}
1
+ {"version":3,"file":"AuthenticationRefresherImpl.js","sourceRoot":"","sources":["../../../../src/shared/lib/AuthenticationRefresherImpl.ts"],"names":[],"mappings":"AACA,OAAO,EACL,yBAAyB,EACzB,WAAW,EACX,oBAAoB,GACrB,MAAM,sBAAsB,CAAC;AAE9B,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3C,OAAO,EAAE,8BAA8B,EAAE,MAAM,qCAAqC,CAAC;AAErF,MAAM,OAAO,2BAA4B,SAAQ,8BAA8B;IAOjE;IANJ,SAAS,CAAwB;IACjC,YAAY,CAA2B;IAC/C,YACE,UAAsB,EACtB,OAAoB,EACpB,OAAwC,EAC9B,iBAAsC;QAEhD,KAAK,CAAC,OAAO,CAAC,CAAC;QAFL,sBAAiB,GAAjB,iBAAiB,CAAqB;QAGhD,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;QAC7B,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;QACvB,IAAI,CAAC,IAAI,EAAE,CAAC;IACd,CAAC;IAED,KAAK,CAAC,IAAI;QACR,IAAI,CAAC,IAAI,CAAC,UAAU;YAAE,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;QAClE,uBAAuB;QACvB,IAAI,CAAC,SAAS,GAAG,MAAM,yBAAyB,CAC9C,IAAI,CAAC,WAAW,EAChB,IAAI,CAAC,iBAAiB,CACvB,CAAC;QACF,IAAI,CAAC,YAAY,GAAG,IAAI,YAAY,CAClC,IAAI,CAAC,UAAU,CAAC,QAAQ,EACxB,IAAI,CAAC,SAAS,CAAC,IAAI,EACnB,IAAI,CAAC,SAAS,CAAC,KAAK,EACpB;YACE,WAAW,EAAE,IAAI,CAAC,UAAU,CAAC,WAAW;SACzC,CACF,CAAC;QAEF,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,KAAK,CAChB,UAAsB,EACtB,OAAoB,EACpB,OAAwC,EACxC,iBAAsC;QAEtC,MAAM,SAAS,GAAG,IAAI,2BAA2B,CAC/C,UAAU,EACV,OAAO,EACP,OAAO,EACP,iBAAiB,CAClB,CAAC;QACF,MAAM,SAAS,CAAC,IAAI,EAAE,CAAC;QAEvB,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,iBAAwC;QACxD,IAAI,CAAC,IAAI,CAAC,OAAO;YAAE,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;QAC3D,MAAM,WAAW,CAAC,IAAI,CAAC,OAAO,EAAE,iBAAiB,CAAC,CAAC;IACrD,CAAC;IAED,KAAK,CAAC,kBAAkB;QACtB,IAAI,CAAC,IAAI,CAAC,OAAO;YAAE,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;QAC3D,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,eAAe,EAAE,CAAC;QAClD,OAAO,CAAC,GAAG,CAAC,gDAAgD,EAAE;YAC5D,YAAY;SACb,CAAC,CAAC;QACH,IAAI,CAAC,IAAI,CAAC,YAAY;YAAE,IAAI,CAAC,IAAI,EAAE,CAAC;QACpC,MAAM,YAAY,GAAG,IAAI,CAAC,YAAa,CAAC;QACxC,MAAM,iBAAiB,GACrB,MAAM,YAAY,CAAC,kBAAkB,CACnC,YAAY,CACb,CAAC;QACJ,MAAM,oBAAoB,CACxB,iBAAiB,EACjB,IAAI,CAAC,SAAU,EACf,YAAY,EACZ,IAAI,CAAC,WAAW,CACjB,CAAC;QAEF,MAAM,IAAI,CAAC,WAAW,CAAC,iBAAiB,CAAC,CAAC;QAC1C,OAAO,iBAAiB,CAAC;IAC3B,CAAC;C
ACF","sourcesContent":["import type { AuthConfig } from \"@/server/config.js\";\nimport {\n getEndpointsWithOverrides,\n storeTokens,\n validateOauth2Tokens,\n} from \"@/shared/lib/util.js\";\nimport type { AuthStorage, Endpoints, OIDCTokenResponseBody } from \"@/types.js\";\nimport { OAuth2Client } from \"oslo/oauth2\";\nimport { GenericAuthenticationRefresher } from \"./GenericAuthenticationRefresher.js\";\n\nexport class AuthenticationRefresherImpl extends GenericAuthenticationRefresher {\n private endpoints: Endpoints | undefined;\n private oauth2client: OAuth2Client | undefined;\n constructor(\n authConfig: AuthConfig,\n storage: AuthStorage,\n onError: (error: Error) => Promise<void>,\n protected endpointOverrides?: Partial<Endpoints>,\n ) {\n super(onError);\n this.authConfig = authConfig;\n this.storage = storage;\n this.init();\n }\n\n async init(): Promise<this> {\n if (!this.authConfig) throw new Error(\"No auth config available\");\n // resolve oauth config\n this.endpoints = await getEndpointsWithOverrides(\n this.oauthServer,\n this.endpointOverrides,\n );\n this.oauth2client = new OAuth2Client(\n this.authConfig.clientId,\n this.endpoints.auth,\n this.endpoints.token,\n {\n redirectURI: this.authConfig.redirectUrl,\n },\n );\n\n return this;\n }\n\n static async build(\n authConfig: AuthConfig,\n storage: AuthStorage,\n onError: (error: Error) => Promise<void>,\n endpointOverrides?: Partial<Endpoints>,\n ): Promise<AuthenticationRefresherImpl> {\n const refresher = new AuthenticationRefresherImpl(\n authConfig,\n storage,\n onError,\n endpointOverrides,\n );\n await refresher.init();\n\n return refresher;\n }\n\n async storeTokens(tokenResponseBody: OIDCTokenResponseBody): Promise<void> {\n if (!this.storage) throw new Error(\"No storage available\");\n await storeTokens(this.storage, tokenResponseBody);\n }\n\n async refreshAccessToken(): Promise<OIDCTokenResponseBody> {\n if (!this.storage) throw new Error(\"No storage available\");\n const 
refreshToken = await this.getRefreshToken();\n console.log(\"AuthenticationRefresherImpl refreshAccessToken\", {\n refreshToken,\n });\n if (!this.oauth2client) this.init();\n const oauth2Client = this.oauth2client!;\n const tokenResponseBody =\n await oauth2Client.refreshAccessToken<OIDCTokenResponseBody>(\n refreshToken,\n );\n await validateOauth2Tokens(\n tokenResponseBody,\n this.endpoints!,\n oauth2Client,\n this.oauthServer,\n );\n\n await this.storeTokens(tokenResponseBody);\n return tokenResponseBody;\n }\n}\n"]}
@@ -0,0 +1,11 @@
1
+ import { AuthenticationRefresherImpl } from "./AuthenticationRefresherImpl.js";
2
+ import type { AuthStorage, Endpoints } from "../../types.js";
3
+ import type { AuthConfig } from "../../server/config.js";
4
+ export declare class BrowserAuthenticationRefresher extends AuthenticationRefresherImpl {
5
+ static build(authConfig: AuthConfig, storage: AuthStorage, onError: (error: Error) => Promise<void>, endpointOverrides?: Partial<Endpoints>): Promise<BrowserAuthenticationRefresher>;
6
+ protected handleError(error: Error): void;
7
+ protected handleRefresh(): Promise<void>;
8
+ setupAutorefresh(): Promise<void>;
9
+ clearAutorefresh(): void;
10
+ }
11
+ //# sourceMappingURL=BrowserAuthenticationRefresher.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"BrowserAuthenticationRefresher.d.ts","sourceRoot":"","sources":["../../../../src/shared/lib/BrowserAuthenticationRefresher.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,2BAA2B,EAAE,MAAM,kCAAkC,CAAC;AAC/E,OAAO,KAAK,EAAE,WAAW,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AACzD,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAErD,qBAAa,8BAA+B,SAAQ,2BAA2B;WACvD,KAAK,CACzB,UAAU,EAAE,UAAU,EACtB,OAAO,EAAE,WAAW,EACpB,OAAO,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,OAAO,CAAC,IAAI,CAAC,EACxC,iBAAiB,CAAC,EAAE,OAAO,CAAC,SAAS,CAAC,GACrC,OAAO,CAAC,8BAA8B,CAAC;IAY1C,SAAS,CAAC,WAAW,CAAC,KAAK,EAAE,KAAK;cAMlB,aAAa;IAmBvB,gBAAgB;IAuBtB,gBAAgB;CASjB"}
@@ -0,0 +1,59 @@
1
+ import { AUTOREFRESH_TIMEOUT_NAME, REFRESH_IN_PROGRESS } from "../../constants.js";
2
+ import { retrieveAccessTokenExpiresAt } from "../../shared/lib/util.js";
3
+ import { AuthenticationRefresherImpl } from "./AuthenticationRefresherImpl.js";
4
+ export class BrowserAuthenticationRefresher extends AuthenticationRefresherImpl {
5
+ static async build(authConfig, storage, onError, endpointOverrides) {
6
+ const refresher = new BrowserAuthenticationRefresher(authConfig, storage, onError, endpointOverrides);
7
+ await refresher.init();
8
+ return refresher;
9
+ }
10
+ handleError(error) {
11
+ console.error("BrowserAuthenticationRefresher: Error", error);
12
+ this.clearAutorefresh();
13
+ this.onError(error);
14
+ }
15
+ async handleRefresh() {
16
+ try {
17
+ // ensure only one refresh is in progress
18
+ if (localStorage.getItem(REFRESH_IN_PROGRESS) !== "true") {
19
+ localStorage.setItem(REFRESH_IN_PROGRESS, "true");
20
+ await this.refreshTokens();
21
+ localStorage.removeItem(REFRESH_IN_PROGRESS);
22
+ await this.setupAutorefresh(); // Reset the timeout after successful refresh
23
+ }
24
+ }
25
+ catch (error) {
26
+ console.error("BrowserAuthenticationRefresher: Failed to refresh tokens:", error);
27
+ // TODO detect if refresh token has expired and if yes then logout
28
+ this.handleError(error);
29
+ }
30
+ }
31
+ async setupAutorefresh() {
32
+ // clear any existing state
33
+ localStorage.removeItem(REFRESH_IN_PROGRESS);
34
+ if (!this.storage)
35
+ throw new Error("No storage available");
36
+ // Clear any existing timeout
37
+ this.clearAutorefresh();
38
+ // get expires_in
39
+ const now = Math.floor(Date.now() / 1000);
40
+ const expiresAt = (await retrieveAccessTokenExpiresAt(this.storage)) || now + 60;
41
+ // Calculate time until expiry (subtract 30 seconds as buffer)
42
+ const bufferTime = 30; // 30 seconds
43
+ const refreshTime = Math.max(0, expiresAt - bufferTime - now); // handle case were token has expired in the past
44
+ const refreshTimeout = setTimeout(() => {
45
+ this.handleRefresh();
46
+ }, 1000 * refreshTime);
47
+ localStorage.setItem(AUTOREFRESH_TIMEOUT_NAME, refreshTimeout.toString());
48
+ }
49
+ clearAutorefresh() {
50
+ // use local storage to store the timeout id so that if multiple instances
51
+ // of the refresher are created they can all clear the same timeout
52
+ const existingTimeout = localStorage.getItem(AUTOREFRESH_TIMEOUT_NAME);
53
+ if (existingTimeout) {
54
+ clearTimeout(existingTimeout);
55
+ localStorage.removeItem(AUTOREFRESH_TIMEOUT_NAME);
56
+ }
57
+ }
58
+ }
59
+ //# sourceMappingURL=BrowserAuthenticationRefresher.js.map
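Review bot: In `handleRefresh` the `REFRESH_IN_PROGRESS` marker is removed only on the success path, so when `refreshTokens()` throws, the value `"true"` stays in localStorage. `handleError` clears the timeout entry but not this marker, and since localStorage is shared by every tab of the origin, other refresher instances would presumably skip their refresh until some `setupAutorefresh` call removes it. Releasing the marker in a `finally` around the refresh call fixes that and leaves the existing catch block as it is. The check-then-set on localStorage is not atomic across tabs either, so a comment saying this is a best-effort guard rather than a lock would help the next reader.

```javascript
async handleRefresh() {
    try {
        // ensure only one refresh is in progress (best effort: not atomic across tabs)
        if (localStorage.getItem(REFRESH_IN_PROGRESS) === "true")
            return;
        localStorage.setItem(REFRESH_IN_PROGRESS, "true");
        try {
            await this.refreshTokens();
        }
        finally {
            // release the marker whether the refresh succeeded or threw
            localStorage.removeItem(REFRESH_IN_PROGRESS);
        }
        await this.setupAutorefresh(); // Reset the timeout after successful refresh
    }
    catch (error) {
        // … unchanged: console.error and this.handleError(error) …
    }
}
```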
@@ -0,0 +1 @@
1
+ {"version":3,"file":"BrowserAuthenticationRefresher.js","sourceRoot":"","sources":["../../../../src/shared/lib/BrowserAuthenticationRefresher.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,wBAAwB,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AAC/E,OAAO,EAAE,4BAA4B,EAAE,MAAM,sBAAsB,CAAC;AACpE,OAAO,EAAE,2BAA2B,EAAE,MAAM,kCAAkC,CAAC;AAI/E,MAAM,OAAO,8BAA+B,SAAQ,2BAA2B;IAC7E,MAAM,CAAU,KAAK,CAAC,KAAK,CACzB,UAAsB,EACtB,OAAoB,EACpB,OAAwC,EACxC,iBAAsC;QAEtC,MAAM,SAAS,GAAG,IAAI,8BAA8B,CAClD,UAAU,EACV,OAAO,EACP,OAAO,EACP,iBAAiB,CAClB,CAAC;QACF,MAAM,SAAS,CAAC,IAAI,EAAE,CAAC;QAEvB,OAAO,SAAS,CAAC;IACnB,CAAC;IAES,WAAW,CAAC,KAAY;QAChC,OAAO,CAAC,KAAK,CAAC,uCAAuC,EAAE,KAAK,CAAC,CAAC;QAC9D,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACxB,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;IACtB,CAAC;IAES,KAAK,CAAC,aAAa;QAC3B,IAAI,CAAC;YACH,yCAAyC;YACzC,IAAI,YAAY,CAAC,OAAO,CAAC,mBAAmB,CAAC,KAAK,MAAM,EAAE,CAAC;gBACzD,YAAY,CAAC,OAAO,CAAC,mBAAmB,EAAE,MAAM,CAAC,CAAC;gBAClD,MAAM,IAAI,CAAC,aAAa,EAAE,CAAC;gBAC3B,YAAY,CAAC,UAAU,CAAC,mBAAmB,CAAC,CAAC;gBAC7C,MAAM,IAAI,CAAC,gBAAgB,EAAE,CAAC,CAAC,6CAA6C;YAC9E,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CACX,2DAA2D,EAC3D,KAAK,CACN,CAAC;YACF,kEAAkE;YAClE,IAAI,CAAC,WAAW,CAAC,KAAc,CAAC,CAAC;QACnC,CAAC;IACH,CAAC;IAED,KAAK,CAAC,gBAAgB;QACpB,2BAA2B;QAC3B,YAAY,CAAC,UAAU,CAAC,mBAAmB,CAAC,CAAC;QAE7C,IAAI,CAAC,IAAI,CAAC,OAAO;YAAE,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;QAC3D,6BAA6B;QAC7B,IAAI,CAAC,gBAAgB,EAAE,CAAC;QAExB,iBAAiB;QACjB,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAC1C,MAAM,SAAS,GACb,CAAC,MAAM,4BAA4B,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,IAAI,GAAG,GAAG,EAAE,CAAC;QAEjE,8DAA8D;QAC9D,MAAM,UAAU,GAAG,EAAE,CAAC,CAAC,aAAa;QACpC,MAAM,WAAW,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,SAAS,GAAG,UAAU,GAAG,GAAG,CAAC,CAAC,CAAC,iDAAiD;QAEhH,MAAM,cAAc,GAAG,UAAU,CAAC,GAAG,EAAE;YACrC,IAAI,CAAC,aAAa,EAAE,CAAC;QACvB,CAAC,EAAE,IAAI,GAAG,WAAW,CAAC,CAAC;QACvB,YAAY,CAAC,OAAO,CAAC,wBAAwB,EAAE,cAAc,CAAC,QAAQ,EAAE,CAAC,CAAC;IAC5E,CAAC;IAED,gBAAgB;QACd,0EAA0E;QAC1E,mEAAmE;QACnE,MAAM,eAAe,GAAG
,YAAY,CAAC,OAAO,CAAC,wBAAwB,CAAC,CAAC;QACvE,IAAI,eAAe,EAAE,CAAC;YACpB,YAAY,CAAC,eAAe,CAAC,CAAC;YAC9B,YAAY,CAAC,UAAU,CAAC,wBAAwB,CAAC,CAAC;QACpD,CAAC;IACH,CAAC;CACF","sourcesContent":["import { AUTOREFRESH_TIMEOUT_NAME, REFRESH_IN_PROGRESS } from \"@/constants.js\";\nimport { retrieveAccessTokenExpiresAt } from \"@/shared/lib/util.js\";\nimport { AuthenticationRefresherImpl } from \"./AuthenticationRefresherImpl.js\";\nimport type { AuthStorage, Endpoints } from \"@/types.js\";\nimport type { AuthConfig } from \"@/server/config.js\";\n\nexport class BrowserAuthenticationRefresher extends AuthenticationRefresherImpl {\n static override async build(\n authConfig: AuthConfig,\n storage: AuthStorage,\n onError: (error: Error) => Promise<void>,\n endpointOverrides?: Partial<Endpoints>,\n ): Promise<BrowserAuthenticationRefresher> {\n const refresher = new BrowserAuthenticationRefresher(\n authConfig,\n storage,\n onError,\n endpointOverrides,\n );\n await refresher.init();\n\n return refresher;\n }\n\n protected handleError(error: Error) {\n console.error(\"BrowserAuthenticationRefresher: Error\", error);\n this.clearAutorefresh();\n this.onError(error);\n }\n\n protected async handleRefresh() {\n try {\n // ensure only one refresh is in progress\n if (localStorage.getItem(REFRESH_IN_PROGRESS) !== \"true\") {\n localStorage.setItem(REFRESH_IN_PROGRESS, \"true\");\n await this.refreshTokens();\n localStorage.removeItem(REFRESH_IN_PROGRESS);\n await this.setupAutorefresh(); // Reset the timeout after successful refresh\n }\n } catch (error) {\n console.error(\n \"BrowserAuthenticationRefresher: Failed to refresh tokens:\",\n error,\n );\n // TODO detect if refresh token has expired and if yes then logout\n this.handleError(error as Error);\n }\n }\n\n async setupAutorefresh() {\n // clear any existing state\n localStorage.removeItem(REFRESH_IN_PROGRESS);\n\n if (!this.storage) throw new Error(\"No storage available\");\n // Clear any existing timeout\n 
this.clearAutorefresh();\n\n // get expires_in\n const now = Math.floor(Date.now() / 1000);\n const expiresAt =\n (await retrieveAccessTokenExpiresAt(this.storage)) || now + 60;\n\n // Calculate time until expiry (subtract 30 seconds as buffer)\n const bufferTime = 30; // 30 seconds\n const refreshTime = Math.max(0, expiresAt - bufferTime - now); // handle case were token has expired in the past\n\n const refreshTimeout = setTimeout(() => {\n this.handleRefresh();\n }, 1000 * refreshTime);\n localStorage.setItem(AUTOREFRESH_TIMEOUT_NAME, refreshTimeout.toString());\n }\n\n clearAutorefresh() {\n // use local storage to store the timeout id so that if multiple instances\n // of the refresher are created they can all clear the same timeout\n const existingTimeout = localStorage.getItem(AUTOREFRESH_TIMEOUT_NAME);\n if (existingTimeout) {\n clearTimeout(existingTimeout);\n localStorage.removeItem(AUTOREFRESH_TIMEOUT_NAME);\n }\n }\n}\n"]}
@@ -2,15 +2,13 @@ import type { AuthConfig } from "../../server/config.js";
2
2
  import type { AuthenticationRefresher } from "../../services/types.js";
3
3
  import type { AuthStorage, OIDCTokenResponseBody } from "../../types.js";
4
4
  export declare abstract class GenericAuthenticationRefresher implements AuthenticationRefresher {
5
+ readonly onError: (error: Error) => Promise<void>;
5
6
  protected authConfig: AuthConfig | undefined;
6
7
  protected storage: AuthStorage | undefined;
7
- static refreshInProgress: boolean;
8
+ constructor(onError: (error: Error) => Promise<void>);
8
9
  get oauthServer(): string;
9
10
  abstract refreshAccessToken(refreshToken?: string): Promise<OIDCTokenResponseBody>;
10
11
  getRefreshToken(): Promise<string>;
11
12
  refreshTokens(): Promise<OIDCTokenResponseBody>;
12
- private handleRefresh;
13
- setupAutorefresh(): Promise<void>;
14
- clearAutorefresh(): void;
15
13
  }
16
14
  //# sourceMappingURL=GenericAuthenticationRefresher.d.ts.map
@@ -1 +1 @@
1
- {"version":3,"file":"GenericAuthenticationRefresher.d.ts","sourceRoot":"","sources":["../../../../src/shared/lib/GenericAuthenticationRefresher.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AACrD,OAAO,KAAK,EAAE,uBAAuB,EAAE,MAAM,qBAAqB,CAAC;AAKnE,OAAO,KAAK,EAAE,WAAW,EAAE,qBAAqB,EAAE,MAAM,YAAY,CAAC;AAErE,8BAAsB,8BACpB,YAAW,uBAAuB;IAElC,SAAS,CAAC,UAAU,EAAE,UAAU,GAAG,SAAS,CAAC;IAC7C,SAAS,CAAC,OAAO,EAAE,WAAW,GAAG,SAAS,CAAC;IAC3C,MAAM,CAAC,iBAAiB,UAAS;IAEjC,IAAI,WAAW,IAAI,MAAM,CAExB;IAED,QAAQ,CAAC,kBAAkB,CACzB,YAAY,CAAC,EAAE,MAAM,GACpB,OAAO,CAAC,qBAAqB,CAAC;IAE3B,eAAe,IAAI,OAAO,CAAC,MAAM,CAAC;IAQlC,aAAa;YAIL,aAAa;IAerB,gBAAgB;IAoBtB,gBAAgB;CAQjB"}
1
+ {"version":3,"file":"GenericAuthenticationRefresher.d.ts","sourceRoot":"","sources":["../../../../src/shared/lib/GenericAuthenticationRefresher.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AACrD,OAAO,KAAK,EAAE,uBAAuB,EAAE,MAAM,qBAAqB,CAAC;AAEnE,OAAO,KAAK,EAAE,WAAW,EAAE,qBAAqB,EAAE,MAAM,YAAY,CAAC;AAErE,8BAAsB,8BACpB,YAAW,uBAAuB;IAKtB,QAAQ,CAAC,OAAO,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,OAAO,CAAC,IAAI,CAAC;IAH7D,SAAS,CAAC,UAAU,EAAE,UAAU,GAAG,SAAS,CAAC;IAC7C,SAAS,CAAC,OAAO,EAAE,WAAW,GAAG,SAAS,CAAC;gBAEtB,OAAO,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,OAAO,CAAC,IAAI,CAAC;IAE7D,IAAI,WAAW,IAAI,MAAM,CAExB;IAED,QAAQ,CAAC,kBAAkB,CACzB,YAAY,CAAC,EAAE,MAAM,GACpB,OAAO,CAAC,qBAAqB,CAAC;IAE3B,eAAe,IAAI,OAAO,CAAC,MAAM,CAAC;IASlC,aAAa;CAepB"}
@@ -1,9 +1,12 @@
1
- import { AUTOREFRESH_TIMEOUT_NAME, DEFAULT_AUTH_SERVER, REFRESH_IN_PROGRESS, } from "../../constants.js";
2
- import { retrieveAccessTokenExpiresAt, retrieveTokens, } from "../../shared/lib/util.js";
1
+ import { DEFAULT_AUTH_SERVER } from "../../constants.js";
2
+ import { retrieveTokens } from "../../shared/lib/util.js";
3
3
  export class GenericAuthenticationRefresher {
4
+ onError;
4
5
  authConfig;
5
6
  storage;
6
- static refreshInProgress = false;
7
+ constructor(onError) {
8
+ this.onError = onError;
9
+ }
7
10
  get oauthServer() {
8
11
  return this.authConfig?.oauthServer || DEFAULT_AUTH_SERVER;
9
12
  }
@@ -11,50 +14,20 @@ export class GenericAuthenticationRefresher {
11
14
  if (!this.storage)
12
15
  throw new Error("No storage available");
13
16
  const tokens = await retrieveTokens(this.storage);
17
+ console.log("getRefreshToken tokens", tokens);
14
18
  if (!tokens?.refresh_token)
15
19
  throw new Error("No refresh token available");
16
20
  return tokens.refresh_token;
17
21
  }
18
22
  async refreshTokens() {
19
- return this.refreshAccessToken();
20
- }
21
- async handleRefresh() {
23
+ console.log("GenericAuthenticationRefresher refreshTokens calling refreshAccessToken()");
22
24
  try {
23
- // ensure only one refresh is in progress
24
- if (localStorage.getItem(REFRESH_IN_PROGRESS) !== "true") {
25
- localStorage.setItem(REFRESH_IN_PROGRESS, "true");
26
- await this.refreshTokens();
27
- localStorage.setItem(REFRESH_IN_PROGRESS, "false");
28
- await this.setupAutorefresh(); // Reset the timeout after successful refresh
29
- }
25
+ return await this.refreshAccessToken();
30
26
  }
31
27
  catch (error) {
32
- console.error("Failed to refresh tokens:", error);
28
+ console.error("GenericAuthenticationRefresher: Failed to refresh tokens:", error);
33
29
  // TODO detect if refresh token has expired and if yes then logout
34
- }
35
- }
36
- async setupAutorefresh() {
37
- if (!this.storage)
38
- throw new Error("No storage available");
39
- // Clear any existing timeout
40
- this.clearAutorefresh();
41
- // get expires_in
42
- const now = Math.floor(Date.now() / 1000);
43
- const expiresAt = (await retrieveAccessTokenExpiresAt(this.storage)) || now + 60;
44
- // Calculate time until expiry (subtract 30 seconds as buffer)
45
- const bufferTime = 30; // 30 seconds
46
- const refreshTime = Math.max(0, expiresAt - bufferTime - now); // handle case were token has expired in the past
47
- const refreshTimeout = setTimeout(() => {
48
- this.handleRefresh();
49
- }, 1000 * refreshTime);
50
- localStorage.setItem(AUTOREFRESH_TIMEOUT_NAME, refreshTimeout.toString());
51
- }
52
- clearAutorefresh() {
53
- // use local storage to store the timeout id so that if multiple instances
54
- // of the refresher are created they can all clear the same timeout
55
- const existingTimeout = localStorage.getItem(AUTOREFRESH_TIMEOUT_NAME);
56
- if (existingTimeout) {
57
- clearTimeout(existingTimeout);
30
+ throw error;
58
31
  }
59
32
  }
60
33
  }
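Review bot: The added `console.log("getRefreshToken tokens", tokens);` in `getRefreshToken` (second hunk) prints the whole object returned by `retrieveTokens`, which the following lines show carries `refresh_token`, so a long-lived credential lands in the browser console or server logs and in anything that collects them. Drop the line, or log only presence, e.g. `console.debug("getRefreshToken: refresh token present:", Boolean(tokens?.refresh_token));`. The opening line of `getRefreshToken` is outside the hunk. In `refreshTokens`, the catch logs the raw `error` and rethrows without calling the `onError` callback that the new constructor stores in the first hunk; it is worth confirming that a subclass or caller invokes it and that the error object cannot embed the token endpoint's response. With the `REFRESH_IN_PROGRESS` guard removed, nothing in this class serialises overlapping refreshes, which matters if refresh tokens are rotated; presumably callers not shown here handle that.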
@@ -1 +1 @@
1
- {"version":3,"file":"GenericAuthenticationRefresher.js","sourceRoot":"","sources":["../../../../src/shared/lib/GenericAuthenticationRefresher.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,wBAAwB,EACxB,mBAAmB,EACnB,mBAAmB,GACpB,MAAM,gBAAgB,CAAC;AAGxB,OAAO,EACL,4BAA4B,EAC5B,cAAc,GACf,MAAM,sBAAsB,CAAC;AAG9B,MAAM,OAAgB,8BAA8B;IAGxC,UAAU,CAAyB;IACnC,OAAO,CAA0B;IAC3C,MAAM,CAAC,iBAAiB,GAAG,KAAK,CAAC;IAEjC,IAAI,WAAW;QACb,OAAO,IAAI,CAAC,UAAU,EAAE,WAAW,IAAI,mBAAmB,CAAC;IAC7D,CAAC;IAMD,KAAK,CAAC,eAAe;QACnB,IAAI,CAAC,IAAI,CAAC,OAAO;YAAE,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;QAE3D,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAClD,IAAI,CAAC,MAAM,EAAE,aAAa;YAAE,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;QAC1E,OAAO,MAAM,CAAC,aAAa,CAAC;IAC9B,CAAC;IAED,KAAK,CAAC,aAAa;QACjB,OAAO,IAAI,CAAC,kBAAkB,EAAE,CAAC;IACnC,CAAC;IAEO,KAAK,CAAC,aAAa;QACzB,IAAI,CAAC;YACH,yCAAyC;YACzC,IAAI,YAAY,CAAC,OAAO,CAAC,mBAAmB,CAAC,KAAK,MAAM,EAAE,CAAC;gBACzD,YAAY,CAAC,OAAO,CAAC,mBAAmB,EAAE,MAAM,CAAC,CAAC;gBAClD,MAAM,IAAI,CAAC,aAAa,EAAE,CAAC;gBAC3B,YAAY,CAAC,OAAO,CAAC,mBAAmB,EAAE,OAAO,CAAC,CAAC;gBACnD,MAAM,IAAI,CAAC,gBAAgB,EAAE,CAAC,CAAC,6CAA6C;YAC9E,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CAAC,2BAA2B,EAAE,KAAK,CAAC,CAAC;YAClD,kEAAkE;QACpE,CAAC;IACH,CAAC;IAED,KAAK,CAAC,gBAAgB;QACpB,IAAI,CAAC,IAAI,CAAC,OAAO;YAAE,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;QAC3D,6BAA6B;QAC7B,IAAI,CAAC,gBAAgB,EAAE,CAAC;QAExB,iBAAiB;QACjB,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAC1C,MAAM,SAAS,GACb,CAAC,MAAM,4BAA4B,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,IAAI,GAAG,GAAG,EAAE,CAAC;QAEjE,8DAA8D;QAC9D,MAAM,UAAU,GAAG,EAAE,CAAC,CAAC,aAAa;QACpC,MAAM,WAAW,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,SAAS,GAAG,UAAU,GAAG,GAAG,CAAC,CAAC,CAAC,iDAAiD;QAEhH,MAAM,cAAc,GAAG,UAAU,CAAC,GAAG,EAAE;YACrC,IAAI,CAAC,aAAa,EAAE,CAAC;QACvB,CAAC,EAAE,IAAI,GAAG,WAAW,CAAC,CAAC;QACvB,YAAY,CAAC,OAAO,CAAC,wBAAwB,EAAE,cAAc,CAAC,QAAQ,EAAE,CAAC,CAAC;IAC5E,CAAC;IAED,gBAAgB;QACd,0EAA0E;QAC1E,mEAAmE;QACnE,MAAM,eAAe,GAAG,YAAY,CAAC,OAAO,CAAC
,wBAAwB,CAAC,CAAC;QACvE,IAAI,eAAe,EAAE,CAAC;YACpB,YAAY,CAAC,eAAe,CAAC,CAAC;QAChC,CAAC;IACH,CAAC","sourcesContent":["import {\n AUTOREFRESH_TIMEOUT_NAME,\n DEFAULT_AUTH_SERVER,\n REFRESH_IN_PROGRESS,\n} from \"@/constants.js\";\nimport type { AuthConfig } from \"@/server/config.js\";\nimport type { AuthenticationRefresher } from \"@/services/types.js\";\nimport {\n retrieveAccessTokenExpiresAt,\n retrieveTokens,\n} from \"@/shared/lib/util.js\";\nimport type { AuthStorage, OIDCTokenResponseBody } from \"@/types.js\";\n\nexport abstract class GenericAuthenticationRefresher\n implements AuthenticationRefresher\n{\n protected authConfig: AuthConfig | undefined;\n protected storage: AuthStorage | undefined;\n static refreshInProgress = false;\n\n get oauthServer(): string {\n return this.authConfig?.oauthServer || DEFAULT_AUTH_SERVER;\n }\n\n abstract refreshAccessToken(\n refreshToken?: string,\n ): Promise<OIDCTokenResponseBody>;\n\n async getRefreshToken(): Promise<string> {\n if (!this.storage) throw new Error(\"No storage available\");\n\n const tokens = await retrieveTokens(this.storage);\n if (!tokens?.refresh_token) throw new Error(\"No refresh token available\");\n return tokens.refresh_token;\n }\n\n async refreshTokens() {\n return this.refreshAccessToken();\n }\n\n private async handleRefresh() {\n try {\n // ensure only one refresh is in progress\n if (localStorage.getItem(REFRESH_IN_PROGRESS) !== \"true\") {\n localStorage.setItem(REFRESH_IN_PROGRESS, \"true\");\n await this.refreshTokens();\n localStorage.setItem(REFRESH_IN_PROGRESS, \"false\");\n await this.setupAutorefresh(); // Reset the timeout after successful refresh\n }\n } catch (error) {\n console.error(\"Failed to refresh tokens:\", error);\n // TODO detect if refresh token has expired and if yes then logout\n }\n }\n\n async setupAutorefresh() {\n if (!this.storage) throw new Error(\"No storage available\");\n // Clear any existing timeout\n this.clearAutorefresh();\n\n // get expires_in\n 
const now = Math.floor(Date.now() / 1000);\n const expiresAt =\n (await retrieveAccessTokenExpiresAt(this.storage)) || now + 60;\n\n // Calculate time until expiry (subtract 30 seconds as buffer)\n const bufferTime = 30; // 30 seconds\n const refreshTime = Math.max(0, expiresAt - bufferTime - now); // handle case were token has expired in the past\n\n const refreshTimeout = setTimeout(() => {\n this.handleRefresh();\n }, 1000 * refreshTime);\n localStorage.setItem(AUTOREFRESH_TIMEOUT_NAME, refreshTimeout.toString());\n }\n\n clearAutorefresh() {\n // use local storage to store the timeout id so that if multiple instances\n // of the refresher are created they can all clear the same timeout\n const existingTimeout = localStorage.getItem(AUTOREFRESH_TIMEOUT_NAME);\n if (existingTimeout) {\n clearTimeout(existingTimeout);\n }\n }\n}\n"]}
1
+ {"version":3,"file":"GenericAuthenticationRefresher.js","sourceRoot":"","sources":["../../../../src/shared/lib/GenericAuthenticationRefresher.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AAGrD,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAGtD,MAAM,OAAgB,8BAA8B;IAM7B;IAHX,UAAU,CAAyB;IACnC,OAAO,CAA0B;IAE3C,YAAqB,OAAwC;QAAxC,YAAO,GAAP,OAAO,CAAiC;IAAG,CAAC;IAEjE,IAAI,WAAW;QACb,OAAO,IAAI,CAAC,UAAU,EAAE,WAAW,IAAI,mBAAmB,CAAC;IAC7D,CAAC;IAMD,KAAK,CAAC,eAAe;QACnB,IAAI,CAAC,IAAI,CAAC,OAAO;YAAE,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;QAE3D,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAClD,OAAO,CAAC,GAAG,CAAC,wBAAwB,EAAE,MAAM,CAAC,CAAC;QAC9C,IAAI,CAAC,MAAM,EAAE,aAAa;YAAE,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;QAC1E,OAAO,MAAM,CAAC,aAAa,CAAC;IAC9B,CAAC;IAED,KAAK,CAAC,aAAa;QACjB,OAAO,CAAC,GAAG,CACT,2EAA2E,CAC5E,CAAC;QACF,IAAI,CAAC;YACH,OAAO,MAAM,IAAI,CAAC,kBAAkB,EAAE,CAAC;QACzC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CACX,2DAA2D,EAC3D,KAAK,CACN,CAAC;YACF,kEAAkE;YAClE,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;CACF","sourcesContent":["import { DEFAULT_AUTH_SERVER } from \"@/constants.js\";\nimport type { AuthConfig } from \"@/server/config.js\";\nimport type { AuthenticationRefresher } from \"@/services/types.js\";\nimport { retrieveTokens } from \"@/shared/lib/util.js\";\nimport type { AuthStorage, OIDCTokenResponseBody } from \"@/types.js\";\n\nexport abstract class GenericAuthenticationRefresher\n implements AuthenticationRefresher\n{\n protected authConfig: AuthConfig | undefined;\n protected storage: AuthStorage | undefined;\n\n constructor(readonly onError: (error: Error) => Promise<void>) {}\n\n get oauthServer(): string {\n return this.authConfig?.oauthServer || DEFAULT_AUTH_SERVER;\n }\n\n abstract refreshAccessToken(\n refreshToken?: string,\n ): Promise<OIDCTokenResponseBody>;\n\n async getRefreshToken(): Promise<string> {\n if (!this.storage) throw new Error(\"No storage available\");\n\n const tokens = await 
retrieveTokens(this.storage);\n console.log(\"getRefreshToken tokens\", tokens);\n if (!tokens?.refresh_token) throw new Error(\"No refresh token available\");\n return tokens.refresh_token;\n }\n\n async refreshTokens() {\n console.log(\n \"GenericAuthenticationRefresher refreshTokens calling refreshAccessToken()\",\n );\n try {\n return await this.refreshAccessToken();\n } catch (error) {\n console.error(\n \"GenericAuthenticationRefresher: Failed to refresh tokens:\",\n error,\n );\n // TODO detect if refresh token has expired and if yes then logout\n throw error;\n }\n }\n}\n"]}
@@ -1 +1 @@
1
- {"version":3,"file":"util.d.ts","sourceRoot":"","sources":["../../../../src/shared/lib/util.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EACV,WAAW,EACX,SAAS,EACT,qBAAqB,EACrB,YAAY,EACb,MAAM,YAAY,CAAC;AAMpB,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAI3C,OAAO,KAAK,EAAE,YAAY,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AAGtE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAOlD;;GAEG;AACH,wBAAsB,mBAAmB,CACvC,YAAY,EAAE,MAAM,EACpB,MAAM,GAAE,OAAO,GAAG,MAAe,GAChC,OAAO,CAAC,MAAM,CAAC,CAajB;AAED,wBAAsB,yBAAyB,CAC7C,WAAW,EAAE,MAAM,EACnB,iBAAiB,GAAE,OAAO,CAAC,SAAS,CAAM,GACzC,OAAO,CAAC,SAAS,CAAC,CAMpB;AAED,wBAAsB,qBAAqB,CAAC,MAAM,EAAE;IAClD,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,iBAAiB,CAAC,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC;IAEvC,YAAY,EAAE,YAAY,CAAC;CAC5B,GAAG,OAAO,CAAC,GAAG,CAAC,CA2Bf;AAED,wBAAsB,sBAAsB,CAAC,MAAM,EAAE;IACnD,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;IACpB,iBAAiB,CAAC,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC;CACxC,GAAG,OAAO,CAAC,GAAG,CAAC,CAcf;AAED,wBAAgB,iBAAiB,CAC/B,QAAQ,EAAE,MAAM,EAChB,WAAW,EAAE,MAAM,EACnB,SAAS,EAAE,SAAS,GACnB,YAAY,CAId;AAED,wBAAsB,cAAc,CAClC,IAAI,EAAE,MAAM,EACZ,KAAK,EAAE,MAAM,EACb,YAAY,EAAE,YAAY,EAC1B,YAAY,EAAE,YAAY,EAC1B,WAAW,EAAE,MAAM,EACnB,SAAS,EAAE,SAAS,kCAoBrB;AAED,eAAO,MAAM,uBAAuB,WAC1B,qBAAqB,KAC5B,MAUF,CAAC;AACF,wBAAsB,uBAAuB,CAC3C,OAAO,EAAE,WAAW,GAAG,aAAa,EACpC,MAAM,EAAE,qBAAqB,iBAQ9B;AAED,wBAAsB,WAAW,CAC/B,OAAO,EAAE,WAAW,EACpB,MAAM,EAAE,qBAAqB,iBAQ9B;AAED,wBAAsB,iBAAiB,CACrC,OAAO,EAAE,WAAW,GAAG,aAAa,EACpC,MAAM,EAAE,qBAAqB,iBAsC9B;AAED,wBAAsB,WAAW,CAAC,OAAO,EAAE,WAAW,iBAYrD;AAED,wBAAsB,sBAAsB,CAAC,OAAO,EAAE,WAAW,iBAGhE;AAED,wBAAsB,SAAS,CAAC,OAAO,EAAE,WAAW,iBAGnD;AAED,wBAAsB,cAAc,CAClC,OAAO,EAAE,WAAW,GACnB,OAAO,CAAC,qBAAqB,GAAG,IAAI,CAAC,CAmBvC;AAED,wBAAsB,4BAA4B,CAChD,OAAO,EAAE,WAAW,GACnB,OAAO,CAAC,MAAM,CAAC,CAEjB;AAED,wBAAsB,oBAAoB,CACxC,MAAM,EAAE,qBAAqB,EAC7B,SAAS,EAAE,
SAAS,EACpB,YAAY,EAAE,YAAY,EAC1B,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,YAAY,CAAC,CA2BvB"}
1
+ {"version":3,"file":"util.d.ts","sourceRoot":"","sources":["../../../../src/shared/lib/util.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EACV,WAAW,EACX,SAAS,EACT,qBAAqB,EACrB,YAAY,EACb,MAAM,YAAY,CAAC;AAMpB,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAI3C,OAAO,KAAK,EAAE,YAAY,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AAGtE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAOlD;;GAEG;AACH,wBAAsB,mBAAmB,CACvC,YAAY,EAAE,MAAM,EACpB,MAAM,GAAE,OAAO,GAAG,MAAe,GAChC,OAAO,CAAC,MAAM,CAAC,CAajB;AAED,wBAAsB,yBAAyB,CAC7C,WAAW,EAAE,MAAM,EACnB,iBAAiB,GAAE,OAAO,CAAC,SAAS,CAAM,GACzC,OAAO,CAAC,SAAS,CAAC,CAMpB;AAED,wBAAsB,qBAAqB,CAAC,MAAM,EAAE;IAClD,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,iBAAiB,CAAC,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC;IAEvC,YAAY,EAAE,YAAY,CAAC;CAC5B,GAAG,OAAO,CAAC,GAAG,CAAC,CA2Bf;AAED,wBAAsB,sBAAsB,CAAC,MAAM,EAAE;IACnD,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,EAAE,MAAM,CAAC;IACpB,iBAAiB,CAAC,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC;CACxC,GAAG,OAAO,CAAC,GAAG,CAAC,CAcf;AAED,wBAAgB,iBAAiB,CAC/B,QAAQ,EAAE,MAAM,EAChB,WAAW,EAAE,MAAM,EACnB,SAAS,EAAE,SAAS,GACnB,YAAY,CAId;AAED,wBAAsB,cAAc,CAClC,IAAI,EAAE,MAAM,EACZ,KAAK,EAAE,MAAM,EACb,YAAY,EAAE,YAAY,EAC1B,YAAY,EAAE,YAAY,EAC1B,WAAW,EAAE,MAAM,EACnB,SAAS,EAAE,SAAS,kCAoBrB;AAED,eAAO,MAAM,uBAAuB,WAC1B,qBAAqB,KAC5B,MAUF,CAAC;AACF,wBAAsB,uBAAuB,CAC3C,OAAO,EAAE,WAAW,GAAG,aAAa,EACpC,MAAM,EAAE,qBAAqB,iBAQ9B;AAED,wBAAsB,WAAW,CAC/B,OAAO,EAAE,WAAW,EACpB,MAAM,EAAE,qBAAqB,iBAQ9B;AAED,wBAAsB,iBAAiB,CACrC,OAAO,EAAE,WAAW,GAAG,aAAa,EACpC,MAAM,EAAE,qBAAqB,iBA8C9B;AAED,wBAAsB,WAAW,CAAC,OAAO,EAAE,WAAW,iBAYrD;AAED,wBAAsB,sBAAsB,CAAC,OAAO,EAAE,WAAW,iBAGhE;AAED,wBAAsB,SAAS,CAAC,OAAO,EAAE,WAAW,iBAGnD;AAED,wBAAsB,cAAc,CAClC,OAAO,EAAE,WAAW,GACnB,OAAO,CAAC,qBAAqB,GAAG,IAAI,CAAC,CAkBvC;AAED,wBAAsB,4BAA4B,CAChD,OAAO,EAAE,WAAW,GACnB,OAAO,CAAC,MAAM,CAAC,CAEjB;AAED,wBAAsB,oBAAoB,CACxC,MAAM,EAAE,qBAAqB,EAC7B,SAAS,EAAE,
SAAS,EACpB,YAAY,EAAE,YAAY,EAC1B,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,YAAY,CAAC,CA2BvB"}